TALKING

I think the broad answer is yes . While this is mainly anecdotal , there ' s plenty of surveys and research indicating that CISOs are under increasing amounts of work-related stress . A study conducted by Australian non-profit , Cybermindz and the University of Adelaide , found that cyber professionals scored higher on a burnout scale than the general population – with some scores exceeding those of frontline health workers .

What challenges are contributing to this rise in stress / burnout as they navigate their work life ?

I think there are four sources we can point to . First , the complexity of IT environments and architectures means there ' s a larger number of threats that CISOs need to address which all require their own specific strategies , objectives , plans and projects in place to manage . Second , criminal ’ s methods of attacking organisations are becoming increasingly sophisticated and the advent of cloud and multicloud environments has created a challenging landscape for CISOs to provide protection for . Third , is that internally it can be hard to translate technical information on security and threats into business conversations or impact statements that CEOs or CFOs might better understand . This can then impact how CISOs respond to threats such as timeliness and prioritisation of resources for projects that protect certain assets .

Finally , we ’ re currently facing a talent shortage in the technology space . Sometimes teams are having to manage on very tight budgets and few resources , and that ’ s especially true in relation to security specialists across every layer and into senior levels .

What can businesses and society do to assist CISOs in their day-to-day work ?

The responsibility is on executives and boards to seek to understand the complexity of cybersecurity challenges that CISOs are trying to respond to , ensuring it ’ s a regular topic of review . Just like they would review financials or a strategic marketing plan , boards should regularly seek to understand their organisation ’ s capabilities , readiness and resiliency in relation to cybersecurity threats . More broadly , Tertiary institutions and education play a role in influencing how future leaders manage these new stresses . Whether this means investing in new skills , so graduates better understand the systems they ’ re working with , or providing on the job experience , to better prepare them for those working environments , so upon entering that senior level , they ’ re equipped with the skills to better manage those pressures

If the person responsible for your security – and I mean ultimately responsible for the strategy , mission and delivery of security – is burnt out , you can only expect a suboptimal outcome .

Can the adoption of AI and other innovations help reduce the workload and stress experienced by CISOs ?

AI offers great opportunities for low value work to be automated through machine learning , however , it ’ s also another threat plane that CISOs need to

Steve Bray , Head of Australia & New Zealand , Cloudflare

www . intelligentcio . com INTELLIGENTCIO APAC 37