More automation, not just additional tech talent, is what is needed to stay ahead of cybersecurity risks
- As digital technologies become more prevalent across every type of company, there's little doubt that CISOs are at the center of all this uncertainty.
- That uncertainty is putting even more heat on CISOs already dealing with several other bandwidth, talent and security issues, according to a new survey.
- Just over three-quarters of CISOs believe that their limited bandwidth and lack of resources has led to important security initiatives falling to the wayside.
The turbulence in tech — layoffs, slowing growth, and the hype and hope of AI tools like ChatGPT — is a reality for firms big and small. And as digital technologies become more prevalent across every type of company, there's little doubt that CISOs are at the center of all this uncertainty.
That uncertainty is putting even more heat on CISOs already dealing with several other bandwidth, talent, and security issues, according to a recent survey by extended detection and response platform Cynet.
According to the findings, 94% of CISOs said they are stressed at work, with 65% admitting work-related stress issues are compromising their ability to protect their organization. Among the CISOs surveyed, 100% said they needed additional resources to adequately cope with current IT security challenges.
Just over three-quarters of CISOs believe that their limited bandwidth and lack of resources has led to important security initiatives falling to the wayside, and nearly 80% claimed they have received complaints from board members, colleagues or employees that security tasks are not being handled effectively.
Further, 93% of the CISOs surveyed believe they are spending too much time on tactical tasks instead of performing strategic, high-value work and management responsibilities. "I've always said security has to get out of the dark rooms and into the board rooms," said Jason Rader, CISO at solutions integrator Insight Enterprises. "A CISO is charged with helping with the overall risk profile of the enterprise, not just dealing with the plumbing."
Losing talent because of work-related stress
The ongoing battle for the right tech talent and the financial resources needed to do the job is impacting the teams reporting to CISOs as well, with 74% saying they are losing team members because of work-related stress issues. Nearly half said they have had more than one team member leave their role over the last 12 months.
Stress is also having an impact on hiring. 83% of the CISOs surveyed admitted they have had to compromise on the staff they hire to fill gaps left by employees who have quit their job. "I've never tried harder in my career to keep people than I have in the past few years," said Rader. "It's so key to hang onto good talent because without those people you're always going to be stuck focusing on operations instead of strategy."
But there are solutions — and it's not just finding more talent, says George Tubin, director of product marketing at Cynet. He said CISOs want more automated tools to manage repetitive tasks, better training, and the ability to outsource some of their work.
There also needs to be more board-level discussions about the challenges CISOs are facing regarding talent and financial resources "otherwise this is going to be a continuous cycle of stress," Tubin says. "Boards need people who know the right questions to ask, and CISOs have to be able to clearly explain to the board the challenges they're facing that could affect the security of the company."
When Rader took on the CISO role at Insight a year ago it was after seven years of security consulting for the firm. During that time, he regularly spoke with the board, a practice he continues as CISO. "It's not just the board," he says. " I talk to legal, I talk to other business units. All these people are my partners and working with them enables us to stay ahead of risks."
And even though a third of the CISOs surveyed said they are either actively looking for or considering a new job, that means the majority aren't, despite the stress they're feeling.
"It's not that CISOs don't realize the job comes with a certain amount of stress," Tubin says. "They'd just like some help in managing all they're responsible for so that they can break this cycle."