New research reveals that the average security leader in the UK and US works 16.5 hours every week over what they are contracted to work.

This is an increase of 5 and a half hours compared to the same figures last year (11 hours extra per week in 2021), as observed by email security firm, Tessian, as part of their annual ‘Lost Hours’ report series.

Research findings

The data also revealed that one in three security leaders (33 percent) are working over 20 hours extra a week, and one in five (18 percent) work over 25 hours extra a week. In 2021, just 9 percent of security leaders worked 20-24 hours extra a week.

Shockingly, one in 10 UK security leaders revealed that they also commit 25-49 hours over what they are contracted to work, every week. Furthermore, 79 percent of UK security leaders admitted that they struggle to ‘always’ switch off from work, and 21 percent say they can ‘rarely’ or ‘never’ switch off. Again, these figures are up from last year, where 59 percent said they struggle to switch off.

Big companies = more overtime hours

Security leaders in companies with under £100,000 revenue work an extra 11.5 hours a week on average

Tessian researchers also observed that the bigger the company, the more hours of overtime its security leaders typically work. For example, security leaders in UK and US companies with 10-99 employees work an average of 12 hours extra a week, versus security leaders in companies with over 1000 employees who work an extra 19 hours of work, on average.

Similarly, security leaders in companies with under £100,000 revenue work an extra 11.5 hours a week on average, whereas security leaders in companies with revenues of over £500 million typically work an extra 23 hours outside of what they are contracted to work.

Need for sustainable operational work

Josh Yavor, CISO for Tessian, commented “Security leaders need to be all in on their jobs for the security and health of their organisation. As the data shows, this ‘all in’ mentality can turn into ‘always on,’ leading to overtime hours and feelings of burnout.” 

Josh Yavor adds, “Not only is this unsustainable, but it also decreases efficacy and increases risk. Like all employees, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, CISOs must be able to lead by example and to set their teams up for sustainable operational work.”

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?