New research reveals that the average security leader in the UK and US works 16.5 hours every week over what they are contracted to work.
This is an increase of 5 and a half hours compared to the same figures last year (11 hours extra per week in 2021), as observed by email security firm, Tessian, as part of their annual ‘Lost Hours’ report series.
Research findings
The data also revealed that one in three security leaders (33 percent) are working over 20 hours extra a week, and one in five (18 percent) work over 25 hours extra a week. In 2021, just 9 percent of security leaders worked 20-24 hours extra a week.
Shockingly, one in 10 UK security leaders revealed that they also commit 25-49 hours over what they are contracted to work, every week. Furthermore, 79 percent of UK security leaders admitted that they struggle to ‘always’ switch off from work, and 21 percent say they can ‘rarely’ or ‘never’ switch off. Again, these figures are up from last year, where 59 percent said they struggle to switch off.
Big companies = more overtime hours
Security leaders in companies with under £100,000 revenue work an extra 11.5 hours a week on average
Tessian researchers also observed that the bigger the company, the more hours of overtime its security leaders typically work. For example, security leaders in UK and US companies with 10-99 employees work an average of 12 hours extra a week, versus security leaders in companies with over 1000 employees who work an extra 19 hours of work, on average.
Similarly, security leaders in companies with under £100,000 revenue work an extra 11.5 hours a week on average, whereas security leaders in companies with revenues of over £500 million typically work an extra 23 hours outside of what they are contracted to work.
Need for sustainable operational work
Josh Yavor, CISO for Tessian, commented “Security leaders need to be all in on their jobs for the security and health of their organisation. As the data shows, this ‘all in’ mentality can turn into ‘always on,’ leading to overtime hours and feelings of burnout.”
Josh Yavor adds, “Not only is this unsustainable, but it also decreases efficacy and increases risk. Like all employees, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, CISOs must be able to lead by example and to set their teams up for sustainable operational work.”