Feeling highly stressed about your job? You must be a CISO

Almost all cybersecurity professionals are stressed, and nearly half (46 percent) have considered leaving the industry altogether, according to a DeepInstinct survey.

For its annual Voice of SecOps Report, the endpoint security biz commissioned a poll of 1,000 senior-level security professionals in the US, UK, Germany and France.

It found that although 91 percent of those surveyed experience at least a low-degree of work-related stress, and almost half (46 percent) of those professionals claimed their stress levels had risen over the past 12 months, their root causes differed based on their jobs. While six percent of all professionals claim to be "highly stressed" due to their work, among CISOs, ITOs, CTOs and global IT strategy directors, the number climbs to 33 percent.

"We are too reliant on the hero mentality – we have some people who are working 16- to 18-hour days at times," one UK-based CISO at a large police force told researchers. "That's not sustainable, and we certainly shouldn't be expecting people to put in those kinds of shifts as a part of our capability. They'll burn out."

C-Suite Stressors

When given a list of 12 potential causes, 52 percent of C-Suite respondents chose securing a remote work force as their No. 1 stressor, with that rising to 60 percent among "highly-stressed" C-Suite execs. It's worth noting that by now, we're more than two years into the COVID-19 pandemic and related work-from-home shift.

"People are under more stress because of COVID," noted one CISO, of a German-based international healthcare group in a follow-up interview. "They rely more on their home routers, home networks. The attack surface has expanded exponentially."

Digital transformation impacting security posture was the second most selected root cause (51 percent) followed by ransomware threats (48 percent). 

Different stressors for SecOps

Meanwhile, security execs reporting to the C-Suite, list a whole different set of stressors. At the top of the list: 47 percent said it's impossible to stop every threat, yet it's still expected. Similarly, 43 percent said the root cause of their stress is the expectation to always be on call, and 40 percent cite both inadequate existing security stack and insufficient SecOps staff.  

The survey also asked respondents to choose the single biggest external threat that they considered the most significant, and these answers run the gamut.

• Global pandemic was good for business, say UK infosec pros – but we're still burning out
• Healthcare organizations face rising ransomware attacks – and are paying up
• Half of developers still at screens even during breaks
• Stressed-out IT workers, software devs – we're not being funny but have you tried rebooting your breathing?

Out of 1,000 respondents, 14 percent listed supply-chain attacks like what happened with SolarWinds and Kaseya, while 13 percent cited ransomware, and 11 percent said machine-learning-based attacks. 

Another nine percent cited nation-state, nine percent also went with file-less attacks, and eight percent chose either potentially unwanted applications or weaponized files uploaded via SaaS apps. 

In a three-way tie, seven percent cited either file-based attacks, phishing or insider threats. Coming in at the bottom of the list, six percent listed zero-day attacks.

"The results show there is not one clear winner, which reinforces why stress levels are so high," the report authors noted. "Without a singular focus on one type of attack, resources are stretched thin, and it's obvious to see how a SecOps team may feel deflated against the challenges they face." ®