Job satisfaction has plummeted for CISOs over the last year, with three quarters (75%) actively considering a career change, according to new research from IANS and Artico.
The share of CISOs who described themselves as satisfied with their job dropped by 10 points to 64%, the study found, raising concerns over a potential brain drain of senior security practitioners.
More than 660 CISOs contributed to the research, dubbed the State of the CISO 2023-2024 report, with researchers gauging the thoughts of security executives across a range of industries. .
The report found that, while many CISOs remain optimistic about the prospect of harnessing new technologies and improving productivity, the majority feel overworked and under-supported.
For example, CISOs now increasingly fear that they will be held to a C-suite level of accountability by regulators.
Conflictingly, only 20% of CISOs are regarded as C-suite level by other executives, and just 50% engage with the board regularly. In turn, 28% of CISOs without board engagement are satisfied compared to 57% with at least infrequent or ad-hoc board engagement.
"We see CISO satisfaction positively correlated with access and influence at the board level”, said Steve Martano, a partner in Artico Search’s cyber security practice and IANS Faculty member.
“CISOs with a strong rapport with their boards feel more valued and generally report they are ‘heard’, even when there are disagreements on budgeting”.
Even those with board engagement are bereft of the proper executive training, however.
Only 20% of CISOs suggested that they had received internal mentoring from non-tech colleagues, and, with the value of this training equivalent to more than $200,000, disgruntled CISOs are inevitable.
CISOs don’t get the decision making guidance to make up for this either, with 85% indicating that their board should offer clear guidance on organizational risk tolerance, compared to just 36% actually receiving it.
CISOs are getting burnt out
The IANS study on CISO job satisfaction aligns closely with previous research on the matter, particularly around issues of overworking and mental health.
A study from Gartner in February 2023 revealed that nearly half of cyber security leaders are expected to change jobs by 2025 due to career-related stress and strenuous working hours.
Fighting the ‘always on’ culture that’s savaging mental health in cyber security
Research from Tessian, meanwhile, found that increased demands being placed on senior practitioners has led to a toxic culture of overworking and excessive hours, with CISOs found to work an average of 11 additional hours each week.
This, the study pointed out, has led many to miss important life events and holidays, and is having an adverse impact on their mental and physical wellbeing.
