In certain instances, we may earn revenue when a reader makes a purchase or completes a form through our pages or on a partner’s website. We adhere to a strict 
One in four cybersecurity leaders plans to quit, and a survey shows some shocking impacts of an ever-escalating job that is leading to ‘cybersecurity burnout‘ — with constant stress on cybersecurity teams.
98% of 500 U.S. and UK leads surveyed said they worked at least an extra nine hours above their contracted hours a week — and 48% said they had used alcohol or drugs to relieve the stress of the job.
Long gone are the days when a cyber attack might have been an afterthought on a C-Suite agenda, or when a VPN and taking care of your password might have been enough.
Now, the constant stress of ransomware attacks, AI-powered security breaches, protecting your customer data, and knowing any gap in a company’s security can lead to financial and reputational damage…
We spoke to cybersecurity leaders and the study’s conductors to discuss the harsh reality, cybersecurity burnout, and the burden of protecting a business in today’s constant battlefield.
Key Takeaways
- 24% of cybersecurity leaders plan to quit due to job stress and burnout, according to BlackFog.
- 98% of surveyed leaders work an additional nine hours per week beyond their contracts.
- Nearly half of the respondents resort to drugs or alcohol to cope with job pressures.
- Cybersecurity leaders demand bigger budgets and more resources to handle growing threats like AI-powered attacks.
- High turnover among cybersecurity professionals jeopardizes organizational security.
- Show Full Guide
The Toll of Cybersecurity Stresses: The Stats
- 24% of CISOs and IT Security decision-makers are looking to leave their roles.
- 54% are open to new opportunities.
- 93% say stress and job demands are driving the decision to leave their roles.
- 98% work on average an extra 9 hours per week beyond their contract.
- 45% have used drugs or alcohol to manage stress.
- 42% worry about AI-powered attacks.
- 37% say malware and ransomware cause the most stress.
- 41% want bigger budgets for security tools.
Survey of 500 Security Leaders in U.S. and UK between July – August 2024
BlackFog’s October 15 report for IT Security Leaders found that stress is profoundly impacting cybersecurity leadership roles.
Blackfog found that to cope with the stress, some security leaders use strategies like sports, while nearly half (45%) turn to drugs or alcohol.
More concerning is the isolation, virtualization, and alienation that they experience socially. The majority (69%) of security leaders said they have withdrawn from social activities in the past 12 months.
Techopedia spoke to Dr. Darren Williams, founder and CEO of BlackFog, the cybersecurity firm that conducted the study.
Dr. Williams told Techopedia that these demanding roles have become even more pressurized as the scale and sophistication of cyber threats intensify.
“We’re now in the era of AI-powered threats, which adds to the challenges, as threat actors have the capability to launch attacks on a different scale.
“Criminal gangs are also increasingly using new tactics to circumvent traditional security solutions, and one of the most significant shifts is that ransomware attacks involving data exfiltration are now the norm.”
Dr. Williams recognized that cybersecurity doesn’t always get the attention it needs from within the organization.
“Support from management is absolutely vital to ensure that teams have the resources and manpower they need to deal with these threats,” Dr. Williams said.
Ani Banerjee, CHRO at KnowBe4, a company that helps organizations strengthen their security culture with simulations and training, told Techopedia the entire tech industry faces stress and burnout — but cybersecurity leaders get the worst of it.
“It is important for us as leaders in cybersecurity to rely upon our network of professionals in the industry, not only for best practices, but to lean on each other as to how we can cope with it.
“More importantly, it is important for CISOs to gain the support, partnership, and collaboration of their fellow C-Suite leaders, especially their CHRO [Chief Human Resources Officer) and CLO [Chief Legal Officer].”
By getting support in the areas needed security leaders can mitigate the burnout and focus on the “marathon of a battle” they face everyday.
Of those planning to leave security leadership roles, almost all (93%) said stress or the demands of their job are the reason why. Interestingly, the report also found that security leaders are working an average of nine extra hours each week beyond their contracted time.
Additionally, they generally do this in a non-supportive environment. BlackFog’s report found that there is a clear disconnect between what security leaders need and what their organizations provide.
Many security leaders said they need larger budgets to invest in essential security tools, as well as more time to focus on addressing the critical issues that require their attention.
More C-Suite Support Required
Nearly half of security leaders who reported actively looking for a new role say they don’t see eye-to-eye with senior leadership on major issues.
Security leaders who feel their professional opinion is ignored by senior leadership are more likely to work at mid-sized organizations with between 1000 and 4999 employees.
We asked Dr. Williams what organizations can do to support their workers.
“The cybersecurity leader’s role comes with huge challenges and enormous pressures, but there are encouraging signs that we’re seeing positive steps from organizations to support their teams.
“They’re invaluable to the organization, so we need to ensure that they have the resources to do their job, as well as support across the leadership team.
“Measures such as flexible working and hybrid working are important to maintain a good work-life balance.
“The findings from our research also show that security leaders are taking good steps to look after their own health, which is vital for managing stress.”
Dr. Williams explained that these cybersecurity roles can be hugely rewarding and sought-after.
“Anything which organizations can do, from practical resources to working practices and processes for providing emotional support, could make a big difference.”
Seth Geftic, Vice President of Product Marketing at Huntress Labs, a platform providing endpoint, identity, and employee cybersecurity, told Techopedia that security leaders highly appreciate investing in wellness programs and offering remote positions.
“I think one of the major problems facing CISOs is that there’s no end point for the job. There are always new vulnerabilities to address, technologies to learn about, and developments to consider, making it really hard for these leaders to switch off.”
Geftic spoke about how budget constraints, layoffs, limited personnel and resources, AI attacks, and putting the responsibility on a single person, generate the stress and burnout CISOs are feeling.
Geftic said that providing mental health support to address the psychological impact and setting realistic expectations can reduce the pressure experienced by these leaders.
How Burnout in Cybersecurity Can Impact Security
In the end — and in the beginning — a company that invests to provide its security leaders with all the resources they need will see impacts on their performance.
Dr. Williams added:
“Burnout and churn is a vicious cycle in any profession and certainly not confined to cybersecurity.
“Professionals working in this industry will know that it requires high focus and dedication, but that shouldn’t be at the expense of their well-being.”
Naturally, high levels of churn among cybersecurity professionals also jeopardize the organization’s overall security stance.
Dr. Williams explained that turnover rates can disrupt the cybersecurity team’s everyday operations and hinder their ability to implement significant strategic changes.
Matt Muller, Field CISO at Tines, a secure workflow provider chosen by companies like Okta, Canva, Coinbase, GitLab, Databricks, and others, told Techopedia that communication has long been a sticking point for security teams.
“Too often, security teams and the business have different vocabularies, so they end up speaking past each other — and the lack of this communication often creates silos, causing practitioners to feel isolated.
“Their frustration stems from the necessity to simplify and convey complex information to less familiar stakeholders while also managing an overwhelming amount of data from multiple technologies, which consumes too much of their time.”
Muller said that organizations that do not provide support and gather feedback from security leaders risk impacting their reputation and their bottom line.
Should Companies Invest in Automation and AI Tools?
Artificial intelligence cybersecurity methods, still in their infancy, and the automation of compliance and security tools may seem like solutions to tackle skills and resource shortages.
However, many experts believe these tools are not always as efficient as presented.
We asked Muller from Tines how automation should be deployed within an organization. Muller said it’s not just a matter of bringing in more people or getting more AI tools but of better utilizing resources.
“Organizations must optimize their resources (…) and break down silos,” Muller said.
“Most of this can be accomplished through orchestration and automation because when organizations free up their practitioners to focus on valuable work that genuinely leverages their expertise, it ultimately boosts their productivity and their relationship with their work.”
The Bottom Line
The new BlackFog report is a clear red flag that speaks of how stress has moved from burnout to people wanting to leave their jobs. While this issue is not entirely new, the escalation of problems it creates is.
In the end, it becomes clear that security leaders facing added pressures and demands must be supported and receive the tools they need to do their work.
As long as this disconnect exists between executives and security leaders who are on the front lines and know what is needed, the problem will only get worse.
FAQs
Why are cybersecurity leaders leaving their jobs?
How much extra time do cybersecurity leaders work?
What percentage of security leaders have used drugs or alcohol to manage stress?
What are the biggest concerns for cybersecurity leaders?
References
- Managing Expectations and Job Satisfaction FOR IT SECURITY LEADERS (Privacy BblackFog)
- Darren Williams – Forbes Technology Council | LinkedIn (LinkedIn)
- BlackFog Anti Data Exfiltration and Ransomware Prevention (BlackFog)
- Ani Banerjee – KnowBe4 | LinkedIn (LinkedIn)
- Security Awareness Training | KnowBe4 (KnowBe4)
- Seth Geftic – Huntress | LinkedIn (LinkedIn)
- Managed Cybersecurity Platform for SMBs and IT Providers | Huntress (Huntress)
- Matt Muller – Tines | LinkedIn (LinkedIn)
- Tines | The smart, secure workflow builder (Tines)
