CISOs are missing holidays due to excessive overtime

The heavy demands of the chief information security officer (CISO) role are leading to security leaders working excessive hours and missing life events such as family gatherings and national holidays.

New research from Tessian has shown CISOs are working an additional 11 hours every week on average to meet the demands of their role, and nearly one in ten work an additional 20-24 hours every week.

Two-fifths of CISOs also said they have had to miss family events such as Christmas, while 40% also admitted to having to miss family holidays because of the demanding nature of the job.

What's more, the majority of leaders (59%) report that they feel unable to switch off from the job even when they log off for the day.

The findings echo the points made by Autonomy earlier this year. The thinktank called for new legislation around overtime, mandating every UK worker's 'right to disconnect'. The proposed legislation would mandate a worker's right to ignore work-related calls and emails outside of work hours and while on leave.

Extra time spent in the office is also contributing to a significant portion of CISOs reporting the job impacting their personal lives and overall health.

Nearly half of those surveyed (44%) said they have been forced to miss engagements such as doctors appointments because of pressing matters at work. A third of respondents also said they have been unable to exercise due to work commitments.

CISOs report that attending too many meetings was the chief cause of misspent time at the office, 38% said this affected their role while 37% also said reporting to the board also occupied a large portion of their time.

A little more than a third of security leaders are also spending large chunks of time delivering security training for employees and spending too much too much time investigating and remediation cyber security threats.

"There is this unfortunate trend of heroism in the security industry," said Josh Yavor, CISO at Tessian. "As security leaders, some of our most exciting stories include pulling all-nighters to defend the organisation or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicate a failure condition and are not sustainable.

"Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout," he added. "As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work. Heroics are sometimes unavoidable, but we should be accountable for ensuring they are not the norm."

Long hours leading to burnout in the industry are unfortunately commonplace across the tech industry.

Reports earlier this year revealed that 83% of software developers were suffering from burnout with most of them attributing high workloads as the prime reason for the condition.

The industry trend of workers claiming to be burnt out in their jobs is leaving tech workers in mental ruin and has driven some to drastic lengths such as suicide, said Amber Coster, founder at Balpro, as part of an IT Pro investigation into the issue.

Others who have also spoken on the topic said businesses must foster a culture of openness when it comes to mental health and ensuring measures are in place to ensure employees are as comfortable as possible to complete their duties.