Stephen Amstutz, Director of Innovation, Xalient, on how SASE empowers CISOs to combat stress and burnout.
A recent study by ISC2 reveals that 73% of Chief Information Security Officers (CISOs) in the US reported experiencing burnout over the past year.
According to this Voice of the CISO report 61% of CISOs said they face excessive expectations from their employers. Additionally, owing to the cybersecurity skills gap, many CISOs must continue to defend their companies with incredibly stretched resources and a mounting list of tasks that fall at the CISO’s feet.
- A lack of resources and skills was highlighted in our latest research report Why SASE is the Blueprint for Future-proofing Your Network in 2025 and Beyond which polled 700 organizations that had already implemented a Secure Access Service Edge (SASE) solution, which robustly converges network and security to improve organization’s security posture, reduce complexity and increase scalability. We found that 82% of research respondents said finding, recruiting, and retaining the specialist security skills they need to protect their organization from new and growing threats that impact the network is a major challenge. This is all contributing to additional pressure being placed on already strained security teams and CISOs.
The pressure of personal liability
To add to this, growing regulation and legislation means cybersecurity leaders are becoming more concerned about personal liability, particularly since the criminal case against Uber Technologies’ former security chief. Uber Technologies was involved in several criminal cases, including a data breach and a former Chief Security Officer’s conviction for obstructing a Federal Trade Commission (FTC) investigation.
Hacks on companies’ IT systems often come with business disruptions, reputational damage, regulatory investigations and lawsuits. CISOs must manage cybersecurity risks and, at the same time, educate C-suite colleagues and the board about the ramifications. All these pressures put CISOs at risk of quitting their jobs. In fact, 50% of current CISOs are expected to change jobs by 2025, according to a Gartner study.
Burnout due to relentless change
There are several other contributing reasons that mean many CISOs are looking to walk. First, the complexity of IT environments and architectures means there’s a larger number of threats that CISOs need to address which all require their own specific strategies, objectives, plans and projects in place to manage. The new ‘work from anywhere’ paradigm also adds to this complexity and has expanded the threat surface, as CISOs must ensure that remote employees can access their systems in the same way they would if they were in the office.
Second, criminals’ methods of attacking organizations are becoming increasingly sophisticated and the advent of cloud and multi-cloud environments has created a challenging landscape for CISOs to protect. As the adage goes, threat actors only need to succeed once while CISOs have to protect data 100% of the time. Advances in AI and generative AI, in the hands of cybercriminals, make the threat landscape even more challenging. and, according to Deloitte’s 8th NASCIO Cybersecurity Study, as the attack surface expands and new cyber threats emerge, this brings substantial risks to organizations’ data security.
Back to Xalient’s research, a staggering 99% of organizations we surveyed experienced a security attack in the last 12 months with 44% of respondents saying a recent breach had originated via a remote or hybrid worker. Organizations are under constant attack and CISOs cannot let their guard down if they are to protect their corporate assets, the job is never truly finished.
Talking in the right language
CISOs need to translate technical information on security and threats into business conversations or impact statements that CEOs or CFOs might better understand. However, CEOs are demanding more updates from senior security leaders and the expectation to demonstrate ROI on security spending appears to still be hit or miss. That said, cybersecurity leaders who can calculate and communicate ROI on key cybersecurity projects, initiatives, and operations are better able to effectively navigate budgeting decisions.
As outlined above, the skills shortage is also exerting pressure on CISOs. Sometimes teams are having to manage on very tight budgets with few resources, and that’s especially true in relation to security specialists across every layer and into senior levels. In parallel CISOs are under pressure to adapt to new regulations, such as those from the U.S. Securities and Exchange Commission (SEC), the EU NIS2 and DORA, which all have cybersecurity disclosure requirements as authorities seek to elevate cybersecurity performance, gain an accurate picture of risk and tip the scale in the defenders’ favour. To meet these new regulations and be compliant will involve more auditing and more reporting – requiring more skills and more resources.
How SASE solutions reduce pressure on CISOs
With these regulatory obligations and government oversight of cybersecurity on the rise, CISOs need vendors and partners they can trust and who can provide solutions to all these challenges. This is one of the reasons we are seeing a marked uptake in the adoption of SASE. In fact, according to its 2024 CIO and Technology Executive Survey, Gartner expects that 60% of enterprises will have clear-cut strategies to adopt SASE by 2025. Why is this the case?
SASE creates a single network for all an organization’s data centers, offices, and remote workers. It simplifies access rights by utilising unique user identities and policy definitions. A secure network infrastructure typically requires multiple different solutions and can become unmanageable, due to significant administrative overhead which can result in poor performance.
SASE provides robust security features in a simple package that doesn’t impact the speed of the network and is a natural progression of security for a workforce that’s ever more geographically distributed, where traditional network infrastructures struggle to manage increasing numbers of remote workers. From the security team’s perspective, key drivers for adoption that respondents from our research cited included secure remote access, fear of breach – including the regulatory, reputational and financial impacts – and the rising costs of traditional network infrastructure.
While SASE certainly isn’t the silver bullet to alleviate all the pressures CISOs are under right now, it can help to overcome some of the stresses around skills, lack of resources, costs and performance while providing a more secure environment. Perhaps this is one of the reasons that Gartner is predicting such impressive market adoption in 2025 and beyond.
In conclusion, SASE brings CISOs innovation and resilience. It’s cutting-edge technology that protects data and safeguards the well-being of those on the front lines of cyber defense, while enabling organizations to improve network performance and reap the benefits of cloud. As the digital battlefield intensifies, SASE offers a path to both enhanced security and reduced burnout for CISOs.
