Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Cyber support: are financial services companies setting a good example in supporting security staff.

By Stuart Reed, VP of Cyber Security, Nominet 

Have you ever wondered what the most stressful job in your organisation is? If you were to rank them, the chances are that the person responsible for protecting your organisation from data breaches and cyber attacks would be quite near the top. In most organisations, this is primarily the role of the Chief Information Security Officer (CISO), who heads up the cyber security team. What’s more, while it’s true that everyone at the senior leadership level may be feeling stress and working long hours, it’s the nature of the fire CISOs are fighting which arguably makes their stress unique.

Over the last two years, we have conducted research into the working life of the CISO in order to better understand the role, its pain points, and how the stress they are under could be relieved. This year’s report, Life Insider the Perimeter: One Year On, found that the vast majority (88 percent) of CISOs remain moderately or tremendously stressed and that it is taking a greater toll on CISOs’ mental and physical health, and their personal relationships.

However, the research suggests that CISOs working in the financial services sector are, on average, suffering slightly less from stress. So what are financial services organisations doing right that other industries can learn from?

CISOs in finance have higher welfare 

Stuart Reed
Stuart Reed

Responding to the survey, fewer CISOs in finance reported being tremendously stressed than any other industry (just 14 percent). The stress they are under is also less likely to impact their mental health and has fewer adverse effects on their personal life. For example, CISOs working in financial services companies are less likely to be abusing alcohol and reported that stress had taken less of a toll on their marriages or romantic relationships.

The better welfare of CISOs in finance is especially stark if you contrast it to an industry with a comparable amount of sensitive data – the legal industry. By comparison, 67 percent of CISOs at legal firms reported being tremendously stressed. A shocking 53 percent reported that stress had impacted their mental health and, for 60 percent, their physical health (compared to only 41 and 35 percent in finance). This is having a real impact on the lives of CISOs working in the legal industry. The vast majority (60 percent) reported that work-related stress had impacted their marriages or romantic relationships – way above the overall average of 32 percent and financial services on just 24 percent. Moreover, 27 percent reported using medication or alcohol to deal with their stress vs just 14 percent in financial services.

Therefore, it is clear that there is something different about the CISO role at financial services companies that means that they have a higher welfare than the legal industry and almost all other sectors.

Why are CISOs in finance less stressed?

 One potential reason that the CISO role in finance organisations is less stressful can be immediately ruled out: it is not because their job is easier. CISOs in financial services are tasked with safeguarding some of the most sensitive data there is and are constantly battling against threats. In fact, 60 percent of CISOs admitted that their organisation has been affected by a security incident in the last year, and 33 percent said that it had happened more than once. Hardly a stress-free environment. Yet, in spite of this, CISOs are faring better than average when it comes to mental health.

The secret may lie in a better relationship between security teams and the board in finance organisations. While there were security incidents, 80 percent of CISOs believe that the board understands that breaches are inevitable – almost the highest level of understanding in any industry. When asked how they thought the board would respond if a security incident happened, 61 percent said the board would be understanding and assist in resolving the incident. Again, this is the highest of any other industry and probably demonstrates that the greater awareness of security risk among financial services institutions has resulted in a more collaborative and effective relationship between CISOs and the board.

This understanding seems to have also translated into a comparatively better work environment for CISOs – which may be contributing to them handling work stress better. For example, when asked about their work-life balance, only 12 percent said it was “far too heavily work focused” – almost half of the average (21 percent) and a fraction of the response in the legal industry (60 percent).

Perhaps even more importantly, 53 percent of CISOs in finance said that their organisation has support structures in place to help them cope with stress and that they were actively reminded of them, compared to 38 percent on average and just 30 percent in the legal industry. This proactive approach to encouraging good mental health stands out as one of the strengths of the financial services industry.

More needs to be done 

However, that is not to say that there is not work to be done in helping CISOs in financial services. While it is below the average, 83 percent of CISOs in finance report being either “moderately” or “tremendously” stressed and 41 percent say this has had an impact on their mental health. These numbers are still far too high.

Moreover, while fewer finance CISOs thought their work life balance was “far” too focused on work, only 24 percent thought it was “balanced”. CISOs in financial services actually work slightly more overtime than average – 11 hours a week. Again, this has a real impact on people’s personal lives – 35 percent have missed a family milestone and 33 percent aren’t taking the annual leave they are entitled to. As always, money is perhaps the best indicator of how people feel. On average, CISOs said they would sacrifice £7,559.64 of their yearly salary for a better work-life balance.

All of this means that CISOs in finance are not immune to a trend we saw throughout this report – burnout. On average, CISOs in financial services only stay in their jobs for just over two years (27 months) – a very short tenure.

Financial services is definitely ahead in supporting the CISO role but clearly more has to be done. Most importantly, the board should build on its relationship with the CISO to remove the sole burden of responsibility the CISO feels for securing the business. More than any other industry, including legal, CISOs in finance believe that they hold this ultimate responsibility for a security incident, and that this is the most stress inducing part of their job. It’s no wonder they are feeling the pressure, when you consider that 20 percent of CISOs believe their contract would be terminated in the event of a security incident.

The role of the CISO can only be improved by a better working relationship with the board, and so it’s important that the C-Suite recognise that improving the CISO’s working life can only have positive outcomes for the business. With a strong and empowered CISO at the head of their security team, organisations will face less risk, be better protected, be more able to deal with a security breach when it hits, and ultimately become safer from cyber crime.