Being a CISO or Security Leader in today’s InfoSec world is not for the faint-hearted. CISOs are some of the hardest working people in any company, regularly working extra hours and overtime to keep the company secure from threats.
But this constant vigilance for threats can mean that CISOs miss out on everything from time with the family to getting enough down time to recharge.
We recently undertook research to see just how much time CISOs “lose” investigating potential breaches and threats, and the headline is: security leaders don’t work hard, play hard. They work hard…then work harder.
In fact, 42% say they’ve missed out on a federal or national holiday like Fourth of July, Thanksgiving or Christmas because of work.
You can see the full details here. But here are some highlights.
CISOs’ hard work isn’t going unnoticed
While no one wants to miss out on family time, it’s not all bad news. 89% of CISOs we surveyed believe the work they do is appreciated by employees outside their team. Furthermore, 66% of employees say they understand the role of the CISO. That’s a ringing endorsement of how valuable and visible the relatively new role of CISO has become in just a few short years.
However, just because the rest of the organization knows who you are and what you do doesn’t mean it’s plain sailing.
As a result of their demanding roles, CISOs are struggling to keep up with developments that further strengthen the business like training, hiring talent, and staying on top of the latest threat intel.
They’re also missing out on important personal and social things outside of work, like public holidays and family vacations. Most concerning is the fact that some CISOs are even putting their health at risk by skipping workouts or missing doctor’s appointments.
“As security leaders, we need to do a better job of communicating capacity constraints. As long as we’re communicating effectively, I’m accountable for ensuring that my team is committed to reasonable expectations around delivery of work.”
What are CISOs busy doing?
So where is all the time going? What is it that’s causing CISOs to lose, on average, 11 hours a week in overtime?
According to Forrester’s research, organizations spend up to 600 hours per month resolving employee-related email security incidents.
And a quarter of CISOs say they spend 9-12 hours investigating and remediating each threat caused by human error, while more than 1 in 10 spend more than a day investigating and remediating each threat caused by human error.
On top of this, 38% believe they’re spending too much time in meetings and reporting to the board, and 33% also feel as though they’re being drained of time because of other administrative tasks.
Looking for more detail on the things that are taking up CISOs’ time? We’ve got you covered here, but it’s clear that investigating breaches and dealing with the fallout from them is a major drain on time, resources, and mental health.
What would you do if your schedule was cleared?
We asked CISOs what they would do if they were able to claw back those Lost Hours, and it turns out their three primary objectives are:
- Spending time with family/friends
- Further strengthening the business
Did you know that organizations with over 1,000 employees could save as many as 26,357 hours a year by automating security with Tessian?
While Tessian’s Human Layer Security platform can help you automate your security, which would help you strengthen your email security defenses and save you time, we’d rather use this opportunity to share some mindfulness and productivity tips to help you switch off.
• Share the load: While – yes – CISOs are the Head Honcho within IT and security teams, that doesn’t mean you have to do everything. Remember that delegation is validation, it’s okay to ask for help, and your best bet is to prioritize, then divide and conquer.
• Set boundaries and stick to them: It can be difficult to establish a division between work and life. With mobile access to Slack, email, and Google Docs, “work creep” can seem inevitable. Likewise, if you’re working from home, personal tasks can take up mental space that could compromise your productivity. That’s why you need to define your work space and working hours, and try to create healthy habits that give you a chance to recharge.
• Unplug (like, actually…): This is easier said than done, especially when CISOs are considered the superheroes of any organization. “When duty calls”, right? Yes and no. If you don’t take time for yourself, you won’t be up for the job. Consider mindfulness apps for day-to-day relaxation, and limit the number of people who have access to you while you’re OOO.
Ready to learn more?
Want to find out how your security teams and employees can reclaim their Lost Hours? Get in touch with the Tessian team today to learn how Human Layer Security can help stop “Oh Sh*t!” moments from clogging up your schedule.