Tessian: 99% of CISOs work overtime due to heavy workloads

A new survey from Tessian has found CISOs are working beyond their contracted hours, sometimes up to 24 hours more a week to make up for lost time.

Security leaders are working an average of 11 hours extra per week, according to new research from Human Layer Security company Tessian. Nearly one in 10 CISOs work between 20 and 24 hours extra per week, and 59 per cent struggle to switch off from work when the working day is over.

As a result of demanding work schedules, 44 per cent of CISOs admitted that they have missed a doctor’s appointment, 42 per cent have missed national holidays like Christmas, 40 per cent have missed a family holiday and one in four haven’t taken any paid time off in the last 12 months. A third (33%) said they have been unable to exercise regularly due to work commitments.

When asked which tasks take up their time, nearly two-fifths of CISOs said they are spending too much time on attending departmental meetings (38%), reporting to the board (37%), and delivering security awareness training for employees (35%).

Just over a third (34%) said they spend too much time investigating and remediating threats, including employee-related security incidents. In fact, a report recently conducted by Forrester, commissioned by Tessian, found that security teams spend up to 600 hours per month investigating and remediating threats caused by human error - the equivalent of nearly four employees’ full-time workloads. A quarter of security leaders said they spend up to 12 hours per month looking into each threat caused by human error, while one in 10 spend over a day.

Tessian’s report reveals that by using security solutions which automatically prevent threats caused by human error, enterprises with 1,000+ employees could save over 26,000 hours in a year by freeing up security teams’ time and resources dedicated to investigation and remediation, policy management and security awareness training.

When CISOs were asked what they would do with extra time back in their diaries, spending time with family and friends, looking for ways to improve business strategy and resting ranked top. CISOs also revealed that they feel they are currently spending too little time on their own career development (38%), hiring talent for their team (36%) and researching new industry updates and trends (36%).

Josh Yavor, CISO for Tessian, says: "There is this unfortunate trend of heroism in the security industry. As security leaders, some of our most exciting stories include pulling all-nighters to defend the organisation or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicate a failure condition and are not sustainable.

"Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work. Heroics are sometimes unavoidable, but we should be accountable for ensuring they are not the norm."

Tessian surveyed 300 CISOs in the US and UK using third-party survey company Censuswide in September 2021. Survey participants included decision-makers in IT, security, and compliance/risk management.

