Le Cesin looks at the stress of CISOs

If cybersecurity is known to be a stressful field, a study carried out by the Club of Information and Digital Security Experts (Cesin) and the specialist services company Advens supports this perception with figures, and those- these are rather worrying. Indeed, of the 330 members of Cesin who took part in the study, carried out with the assistance of a coach and an oncologist, 61% have a level of stress likely to have harmful consequences on health. .

The level of stress was evaluated based on the PSS scale (perceived stress scale), which ranges from 0 to 40. Below 16, the level of perceived stress corresponds to the “green zone”, where it is judged. positive or stimulating. However, once this threshold is reached, individuals enter the “orange zone”, with risks to mental health. Between 16 and 22, stress is reflected in particular by occasional feelings of helplessness and emotional disturbances. Beyond that, the level of stress enters the “red zone”, where the risks for the physical and mental health of individuals increase markedly. The average level of stress felt by the cybersecurity managers questioned is immediately higher than the green zone, since it reaches 18.4 – by way of comparison, the average level of stress for French executives and engineers in another study was 12.2. While 39% of the respondents to the Cesin survey are in the green zone, 61% are above, including 33% in the orange zone and 28% in the red zone, or 92 people. Of these, 62 are at risk of burnout, and 22 are even at risk of clinical depression, with a score greater than 28 out of 40.

Professionals in the face of adversity and uncertainty

According to respondents’ responses, five factors strongly contribute to stress. It is first and foremost the notion of adversity, the fight against often invisible enemies being pointed out by 82% of the participants. Then come the uncertainties about their position, 54% considering that a major crisis could cost them it (and even 65% among respondents in the red zone). Having to justify the usefulness of their actions; the lack of disconnection, with the need to be constantly on the alert in the event of an attack and finally the necessary permanent adaptation in the face of very evolving threats are also sources of stress for these professionals. In addition, cybersecurity managers also suffer from the perception of their profession within companies, even if the authors of the study point out that these professions are better understood today than five years ago. 38% of respondents say that their profession “still” suffers from a rather negative a priori and 47% feel misunderstood, even sometimes considered excessive. Finally, 28% of respondents feel discouraged by the increase in the frequency and power of cyberattacks, and nearly half have a feeling of powerlessness in the face of the asymmetric nature of the fight, an indicator to be monitored carefully according to the authors of the study.

Faced with these worrying results, Cesin decided to initiate various studies on the subject, to act on the causes of stress or to mitigate its consequences. The association will also transform this study into an annual barometer, in order to follow the evolution of the level of stress over time. For Mylène Jarossay, president of Cesin, “this study confirms that it was urgent to look into the mental load of cybersecurity professionals, in order to identify avenues to take care of those who ensure, every day, a work of complex and demanding defense. “