Stress is affecting the performance of almost 1/2 of security teams. What tools do you have in your security kitbag?
We live in challenging times. Organisations are dealing with constant security threats, a fractured workforce and remote working arrangements that open the door for shadow IT, and an uncertain business landscape.
It is extremely stressful. And that is having an effect on Chief Information Security Officers (CISOs) and their staff.
In a recent ClubCISO Information Security Maturity Survey of 100 CISO members, we found that a quarter of CISOs are currently experiencing stress, and 61 per cent say their stress levels have increased over the past year.
And that stress isn’t on CISOs alone. 42 per cent of CISOs believe their teams are so stressed that it is affecting their performance.
Those worrying numbers are supported by other studies. For example, Nominet’s recent CISO Stress Report found almost nine in 10 CISOs report high levels of stress, with a third reporting stress-caused physical health issues and half reporting mental health issues. Two in five CISOs went on to share that their stress levels had affected their relationships with their partners or children.
These impacts on our security leaders and teams may have a lasting effect not only on our jobs but on our lives. CISOs and other C-suite leaders should be equipped with knowledge and ways to manage stress and anxiety.
That’s why ClubCISO, powered by Telstra Purple, has partnered with Thrive, a mental health and wellbeing company, to deliver virtual stress management workshops. Here’s what we found following the first two workshops.
Examining the contents of the ‘stress barrel’
Workshop attendees were first asked to look at what was in their stress barrels—an imaginary barrel containing stressors and triggers in their professional and personal lives. Continued flow of stress into our barrels can lead to us feeling overwhelmed.
Among the issues that CISOs saw filling their barrels were tight deadlines, heavy workloads, longer hours when working from home (especially for global CISOs dealing with multiple time zones), and increased expectations. They add to the normal stresses of CISO life – being on high alert during security incidents, for example – and are exacerbated by the impact of those demands on their teams and family members.
So, how can we identify those who are struggling? Attendees said that they were keeping an eye out for people who are trying to shut down conversations or being disengaged or defensive, those fumbling at work, or who exhibit a “do not disturb” attitude.
How to make wellbeing a priority
Making wellbeing a top focus in stressful times can sound difficult—but there are simple steps that can be implemented across organisations. The workshop identified 10 top tips to identify and prioritise wellbeing, even in the midst of uncertainty:
- Enable EAP (Employee Assistance Programs) and counselling services.
- Treat staff as individuals. Ask them what they need to thrive and grow.
- Provide training to identify risks, recognise signs of stress, and model good behaviour to support themselves and others.
- Create robust wellbeing policies and use them every day.
- Improve the work environment (e.g. noise, temperature, light).
- Promote wellbeing and positive working relationships.
- Encourage exercise and social events.
- Develop a good work-life balance.
- Identify sources of support—internally and externally.
- Enable mental health first aid (MHFA) trained staff.
The idea isn’t to create a stress-free environment, but to manage and enable teams to deal with the pressures the world is throwing at them. That requires a change in mindset – not only to understand every staff member is unique, but to make sure it’s widely known that no employee is on their own.
As one CISO noted,
“Sometimes knowing we’re all in similar boats is enough to realise it’s not all on our own shoulders!”
Join the ClubCISO community today to help define, support and promote the critical role and value of information security leaders in business and society. Please visit www.clubciso.org/membership/.
Or, for more information about Thrive, visit www.itstime2thrive.co.uk, to discuss your company’s mental health and wellbeing strategy.