Stress leading to Resignation

The CISO is the leader of the front line of defense against threat actors. Security leaders are often faced with a never-ending stream of security incidents that need to be addressed. They are often expected to do more with less. They are expected to keep up with the latest threats, develop and implement new security measures, and train employees on security best practices.

Security leaders are under increasing scrutiny from both within and outside their organizations. Boards of directors, shareholders, and regulators are all demanding more accountability for security. This can add to the stress of the job and make it difficult to make decisions. CISOs have always had a stressful job, but additional pressures are creating an untenable situation.

With ransomware becoming increasingly commoditized and generative AI tools like ChatGPT broadening hackers’ arsenal, organizations are increasingly under attack in what some are calling a cyber cold war. This, places greater and greater pressure on security leaders dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly up and quitting.

Recent research from anti data exfiltration and ransomware prevention company BlackFog revealed that nearly a third (32%) of CISOs or IT cybersecurity leaders in the U.S. and UK were considering leaving their current organization. Nine in 10 CISOs report being “moderately” or “tremendously” stressed, according to another study, and average CISO tenure is just two years and two months.

The top reasons for CISO dissatisfaction, according to BlackFog is: A lack of work-life balance and too much time spent “firefighting” rather than focusing on strategic issues. Many are struggling to keep up-to-date with new frameworks and models (such as multi-factor authentication and zero trust), and others say keeping their team’s skill levels up is a “serious challenge.”

Then there is the general lack of qualified team members to begin with. Over an eight-year period, the number of unfilled cybersecurity jobs grew by 350%, from one million positions in 2013 to 3.5 million in 2021. That number is expected to hold out to 2025. Organizations are increasingly under attack, and with short staffing, their vulnerability only increases — less than one in 10 organizations are equipped to deal with an attack from professional cybercriminals.

In fact, 100% of CISO respondents, to one recent survey said they needed additional resources to adequately cope with current IT security challenges.

If organizations want to retain their security leaders, they need to address these issues and create a more supportive environment for them.