Data breach epidemic takes its toll

New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.

  • Friday, 13th December 2024 Posted 6 months ago in by Phil Alsop

Splunk has revealed in a new survey that significant numbers of Chief Information Security Officers (CISOs) in the UK have suffered from stress and other negative emotions during 2024 as a result of their roles.

Splunk’s report shows that 35% of UK CISOs have experienced overwork or stress regularly over the past year. Twenty-three percent are actively looking for new roles: a fact that should be of concern for businesses as they look to get to grips with escalating cybersecurity attacks.

Key findings:

UK CISOs, and the teams they manage, have their work cut out for them. According to this year’s UK Government Cyber Security Breaches Survey, the amount of UK businesses suffering a cyber-attack or security breach rose from 39% to 50% in the last 12 months. Splunk’s survey suggests that CISOs are feeling the burn:

87% of CISOs think their role has become more challenging than the same role two years ago

The top-ranked way they felt their role had changed (at 33%) was that it now involved “a faster pace”

35% of CISOs reported regularly experiencing the negative emotions “overwork or stress” in the last year

27% have searched for a new role during the past year, while 23% are currently looking for new opportunities

The top drivers for looking for new roles include stress (44%) and declining mental health (28%)

Sleepless nights for CISOs

Splunk’s survey also indicated that a number of CISOs are experiencing negative effects on their health and wellbeing, particularly when it comes to their lack of rest and recovery. Half of UK CISOs are getting an average of six hours (or less) sleep per night, falling well below NHS guidelines. Almost two-thirds of respondents (63%) feel they lack sufficient time to recharge and maintain work-life balance, and over three-quarters (76%) did not take their full allocation of holiday in the last year.

Work demands are also having an impact on UK CISOs’ personal lives. A third (32%) have missed family engagements due to the demands of their roles and 33% believe that taking a whole weekend off without working is ‘unrealistic’.

The future of cybersecurity under threat?

There are also worrying signs for the wellbeing of cybersecurity teams more broadly.

Over one-third (34%) of CISOs reported observing signs of stress in those they manage, and 34% witnessed evidence of burnout within their teams. With increased cybersecurity headlines and reporting, 31% of CISOs expressed concern that the stress of their teams’ experiences will directly impact business operations and security posture.

For an industry that is already struggling to fill critical skills gaps, the findings cast doubt over the ability of businesses to simply retain their existing cybersecurity talent in 2025, let alone build teams capable of protecting them from cyber threats in the future.

Interestingly, despite clear signs of stress amongst a significant number of CISOs and their teams, fewer than half of the businesses surveyed (36%, according to UK CISOs) provide (or fund) access to mental health services or other wellbeing services.

Vanta has released its Trust Maturity Report, offering a data-driven look at how organizations are evolving their security programs in an...

OT cybersecurity risk rises up the leadership ranks

Posted 22 hours ago by Phil Alsop
More than half (52%) of organizations report that the CISO/CSO is responsible for OT, up from 16% in 2022, while 95% of organizations report that the...

Industry gap in operationalising threat intelligence

Posted 23 hours ago by Phil Alsop
Cyware has released new research revealing that a majority see the importance of having a Threat Intelligence Program and have started a Program.
DigiCert has released new findings from its Trust Pulse Survey highlighting the business impact of mismanaged digital certificates. Nearly half of...
Contents Table: Make Payments Painless Spot the Symptoms of ‘Growth Gone Wrong’ Early Don’t Just Grow: Optimise Build a Stack That...
Trend Micro has published research revealing that while organisations are embracing artificial intelligence to strengthen cyber defences, many are...
Over 40% of agentic AI projects will be cancelled by the end of 2027, due to escalating costs, unclear business value or inadequate risk controls,...
The majority (83%) of IT and business professionals in Europe believe employees in their organisation are using AI.