While CISOs may feel general job satisfaction, they do have different job fulfillment criteria than other cybersecurity professionals. For example, CISOs attribute satisfaction to business management’s commitment to cybersecurity, as well as the ability to work closely with business units and attain a competitive salary. Alternatively (and not surprisingly), non-CISOs attain job satisfaction when their organization provides opportunities for career advancement.
Once again, this illustrates the business aspects of a CISO role. These individuals measure their own performance based on their ability to support and protect the business, and the business’s commitment to strong cybersecurity. If either of these things aren’t present, CISOs will either brood or (more likely) run to the exit door.
CISO job stresses
Despite CISO job satisfaction, the data clearly indicates that this position includes an unhealthy dose of on-the-job stress. In fact, 62% of CISOs claim that their job is stressful at least half the time. While non-CISOs are also stressed (another alarming trend), 51% claimed that their job is stressful half the time, further illustrating the pronounced pressure associated with a CISO position.
Like their non-CISOs colleagues, CISOs are particularly stressed by things like an overwhelming workload, working with disinterested business managers, and keeping up with the security requirements of new business initiatives. It’s worth noting that 26% of CISOs are also stressed about monitoring the security status of third parties their organization does business with (e.g., suppliers, business partners, customers) as compared with 12% of non-CISOs.
Third-party relationships are often associated with business processes (e.g., suppliers, contractors, outsourced partners) and therefore tied closely with business units. Unfortunately, security teams probably don’t have deep visibility into the day-to-day security performance at these firms. This mix of business criticality combined with a lack of continuous oversight appears to create a recipe for CISO angst.
An overwhelming workload, job stress, and expanding responsibilities seem to lead to an inevitable result: 36% of CISOs say it is very likely or likely that they will leave their current job within the next year, compared with 26% of non-CISOs. Yes, some CISOs will seek other employers, but nearly half (46%) have considered leaving cybersecurity altogether, compared with 28% of non-CISOs. Why would CISOs move on from cybersecurity? As I mentioned in my previous blog, 65% say they have considered a departure due to the high stress associated with a cybersecurity job, 43% claim they are frustrated because their organization doesn’t take cybersecurity seriously, and 39% say they are close to retirement age and will leave the cybersecurity profession upon retirement.