- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Overworked CISOs are Skipping Family Vacations and Holidays
Chief information security officers (CISOs) are missing medical appointments and family vacations because their workload is so heavy, according to new research by security company Tessian.
In September, Tessian used third-party survey company Censuswide to ask 300 CISOs in the United Kingdom and United States about their working habits.
Researchers found that a quarter of CISOs had not taken any time off work in the past 12 months and 40% had missed a family vacation due to work. Two out of every five CISOs reported missing out on a national or federal holiday like Thanksgiving because they had to work.
CISOs aren’t just spending more days at work; they are also putting in longer hours. Tessian’s Lost Hours report reveals that CISOs work, on average, 11 more hours than they’re contracted to each week while, one in ten works 20 to 24 hours extra a week.
Working so much is having an impact on CISOs’ health, with only 60% saying that they had enough time to exercise regularly. Nearly half (44%) of the CISOs surveyed said they had missed a doctor’s appointment because they were so busy at work.
Many CISOs (59%) said that they can’t always switch off from work after their working day is over.
Asked how their time is spent, 38% of CISOs said they’re spending too much time in departmental meetings and reporting to the board on cybersecurity, while one-third reported feeling drained by administrative tasks.
Further research, commissioned by Tessian and conducted by Forrester in September, asked 317 security strategy decision makers at organizations in the UK and the US about their working lives.
It revealed that security teams spend up to 600 hours per month investigating and remediating threats caused by human error.
“As security leaders, some of our most exciting stories include pulling all-nighters to defend the organization or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicate a failure condition and are not sustainable,” said Josh Yavor, Tessian’s CISO.
“Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout.”