Two-Thirds of IT Workers are Stressed Out & Quitting: Report
The average tenure of a chief information security officer is 18 to 24 months; exemplifying the stress levels of the IT sector in protecting organisations online.
I.T. specialists are feeling more stress than ever before, despite the fact there's an exponential need for their skill set, according to a new report showing high levels of stress and turnover for IT specialists working in organisations around the globe. In addition, those in a chief information security officer role - CISO - say they are under-resourced to effectively address problems facing organisations and are turning to substances to curb their high levels of stress.
Nominet’s methodology comprised of 408 interviews with chief information security officers overseeing security for organisations with an average of 8,942 employees; 207 companies in the US and 201 companies in the UK… you can access the report in full here.
“The majority of CISOs say they don’t have enough resources to defend the organisation they are trying to protect, with the largest deficit being people.”
One key finding of the report is that “the majority of CISOs say they don’t have enough resources to defend the organisation they are trying to protect, with the largest deficit being people. This reduces security effectiveness, with nearly 70% having found malware hidden on their networks for an unknown period of time - in some cases over a year.” According to data cited by CNBC, “a recent report from the Ponemon Institute found that 65% of IT and security professionals consider quitting due to burnout… and there are nearly 3 million unfilled cybersecurity positions at companies worldwide.”
This is, in turn, having an impact on the stress levels of IT workers, whom, the report found that every single CISO questioned found their role stressful. Compare the statistic that the average tenure of a CISO stands at 18 to 24 months, compared to 6.2 years for a chief financial officer, and 8.4 years for a chief executive officer.
“91% [said] they suffer moderate or high stress and 60% adding they rarely disconnect. 88% of CISOs surveyed are also doing more than the average 40 working hour weeks. Worryingly, a quarter think the job has had an impact on their mental or physical health, with the same starting that it has had an impact on their personal and family relationships. Nearly 17% of CISOs are either medicating or using alcohol to deal with job stress.”
According to the report’s findings, “one anonymous CISO admitted to a period of 400 days lapsing before they were able to uncover the threat.” Other key findings mentioned in the report are the statistics that “nearly 70% found malware hidden on their networks for an unknown period of time - in some cases over a year,” as well as the fact that “70% agree a cybersecurity specialist should be on the board,” signaling a lack of communication between IT specialists and other decision-makers in an organisation.
“Between CISOs being aggressively recruited and a large percentage of the security workforce weighing their employment options, organisations can’t afford to make the wrong choice when it comes to hiring - and retaining - a CISO,” the report states.
The report also goes on to quote an anonymous senior cyber security figure rom a major organisation with more than a billion-dollar market cap who reflected on their experiences with data breaches.
“When it happened, the management team very quickly escalated the situation beyond members of the technical security team, even though they had valuable specialist knowledge. Their presence was not required in the room where decisions were made. Once the media become involved, corporate politics drove the situation. It made effective response harder and ultimately, I believe best-practice suffered.”
“It’s a very stressful industry, no doubt. You are often faced with an impossible position trapped between internal teams, auditors, compliance teams, regulators and numerous extremely challenging technical situations, for which are no quick, easy and cheap fixes.”
“The pace of technological change combined with the desire to exploit the latest and greatest solutions just adds to the overall complexity and pressure For frontline teams, the people monitoring threats are okay because they just pass it on up the ladder. However, when you have to report the action threats to exec teams, that’s when the stress starts to build because you are delivering unwelcome news which is often also seen as a failing.”
Dr Dimitrios Tsivrikos, a business psychologist and lecturer at the University College London says that “CISOs are a group of employees faced with the overwhelming pressure of adopting, protecting and safeguarding private and business data,” and in respect, the following considerations should be in place in organisations globally, according to Nominet.
“Be proactive and informed about the right tools that are available to protect your business from a potential cyber attack.”
“Be vocal about your levels of stress to both work colleagues as well as family.... Silence kills when it comes to stress-related incidents.”
“Explore healthy ways of decompressing at home. Alcohol and excessive eating are short-term solutions and won’t provide the long-term benefits that will relax you and energise you for a busy work day.”