New research from Tessian details the extent of CISO burnout and reveals how automation can help teams reclaim hours lost due to cybersecurity incidents caused by human error
A new report from Human Layer Security company Tessian reveals that two in five Chief Information Security Officers (CISOs) have missed holidays like Thanksgiving due to work demands. In addition, one-quarter have not taken time off work in the past 12 months.
In addition to missing national holidays, Tessian's report reveals that CISOs work, on average, 11 more hours than they're contracted to each week while one in 10 works 20 to 24 hours extra a week. As a result of their stressful jobs, 59% of CISOs say they struggle to always switch off from work once the working day is over.
Cybersecurity Incidents Caused by Human Error Drain Resources
According to a separate survey, conducted by Forrester and commissioned by Tessian, employee-related security incidents take up a significant amount of CISOs' time. It reveals that security teams spend up to 600 hours per month investigating and remediating threats caused by human error - the equivalent of nearly four employees' full-time workloads.
A quarter of security leaders said they spend between nine and 12 hours per month investigating and remediating each threat caused by human error, while more than one in 10 spend over a day. So it's no surprise that 34% of CISOs reported spending excessive time on triaging and investigation.
In addition, 38% of CISOs believe they're spending too much time in departmental meetings and reporting to the board on cybersecurity, while one-third also feel drained by administrative tasks. Similarly, 38% of CISOs also report feeling that they are spending too little time on their own career development. When asked to elaborate on what they are not spending enough time on, CISOs said: hiring talent for my team (36%), attending non-departmental meetings (38%), communicating to customers (35%), researching new industry updates and trends (36%) and working on my own career development (38%).
CISOs Miss Out on Key Calendar Moments
Due to demanding day jobs, CISOs are missing out on important events and family holidays, and are even putting their health at risk by missing doctor's appointments - something 44% of CISOs have experienced in the last year.
In addition, 42% of CISOs say they have missed a federal or national holiday like Thanksgiving or Christmas, and 40% have missed a family vacation due to work. One-third of CISOs report being unable to exercise regularly.
"There is this unfortunate trend of heroism in the security industry," said Josh Yavor, Tessian's CISO. "As security leaders, some of our most exciting stories include pulling all-nighters to defend the organization or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicate a failure condition and are not sustainable. Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it's critical that CISOs are able to lead by example and to set their teams up for sustainable operational work. Heroics are sometimes unavoidable, but we should be accountable for ensuring they are not the norm."
Automating Security to Free Up Hours Lost to Cybersecurity Incidents
Tessian's ROI calculator shows that by using security solutions which automatically prevent threats caused by human error, like accidental data loss or phishing attacks, an enterprise with 1,000+ employees can save over 26,000 hours in a year by freeing up the security teams' time and resources dedicated to investigation and remediation, policy management and security awareness training.
When asked what they would do with this time back in their schedules, CISOs said they'd spend more time with family and friends, looking for ways to innovate and improve business strategy, resting or sleeping, exercising and traveling emerged as the most popular responses.
To learn more about how Tessian can help security teams reclaim the hours lost to cybersecurity incidents caused by human error, access the report here: https://www.tessian.com/research/ciso-research/?utm_medium=online&utm_source=pr&utm_campaign=losthours-2111
--- ENDS ---
For the 'Lost Hours' report, Tessian surveyed 300 CISOs in the US and UK using third-party survey company Censuswide in September 2021.
The research commissioned by Tessian, and conducted by Forrester, resulted from an online survey of 317 security strategy decision makers at organizations in the US and the UK. Survey participants included decision-makers in IT, security, and compliance/risk management. The survey was conducted in September 2021.
Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital.