Splunk has revealed in a new survey that significant numbers of Chief Information Security Officers (CISOs) in the UK have suffered from stress and other negative emotions during 2024 as a result of their roles.
Splunk’s report shows that 35% of UK CISOs have experienced overwork or stress regularly over the past year. Twenty-three percent are actively looking for new roles: a fact that should be of concern for businesses as they look to get to grips with escalating cybersecurity attacks.
Key findings:
UK CISOs, and the teams they manage, have their work cut out for them. According to this year’s UK Government Cyber Security Breaches Survey, the amount of UK businesses suffering a cyber-attack or security breach rose from 39% to 50% in the last 12 months. Splunk’s survey suggests that CISOs are feeling the burn:
87% of CISOs think their role has become more challenging than the same role two years ago
The top-ranked way they felt their role had changed (at 33%) was that it now involved “a faster pace”
35% of CISOs reported regularly experiencing the negative emotions “overwork or stress” in the last year
27% have searched for a new role during the past year, while 23% are currently looking for new opportunities
The top drivers for looking for new roles include stress (44%) and declining mental health (28%)
Sleepless nights for CISOs
Splunk’s survey also indicated that a number of CISOs are experiencing negative effects on their health and wellbeing, particularly when it comes to their lack of rest and recovery. Half of UK CISOs are getting an average of six hours (or less) sleep per night, falling well below NHS guidelines. Almost two-thirds of respondents (63%) feel they lack sufficient time to recharge and maintain work-life balance, and over three-quarters (76%) did not take their full allocation of holiday in the last year.
Work demands are also having an impact on UK CISOs’ personal lives. A third (32%) have missed family engagements due to the demands of their roles and 33% believe that taking a whole weekend off without working is ‘unrealistic’.
The future of cybersecurity under threat?
There are also worrying signs for the wellbeing of cybersecurity teams more broadly.
Over one-third (34%) of CISOs reported observing signs of stress in those they manage, and 34% witnessed evidence of burnout within their teams. With increased cybersecurity headlines and reporting, 31% of CISOs expressed concern that the stress of their teams’ experiences will directly impact business operations and security posture.
For an industry that is already struggling to fill critical skills gaps, the findings cast doubt over the ability of businesses to simply retain their existing cybersecurity talent in 2025, let alone build teams capable of protecting them from cyber threats in the future.
Interestingly, despite clear signs of stress amongst a significant number of CISOs and their teams, fewer than half of the businesses surveyed (36%, according to UK CISOs) provide (or fund) access to mental health services or other wellbeing services.
