Security professionals are being overworked - and that's a huge problem


The number of overtime hours IT security leaders put in every week has grown significantly compared to the same period last year, new research has shown.

What’s more, it’s getting harder for them to switch off in their free time, meaning they’re pretty much constantly engaged, one way or another. That results in plenty of risk for the organization.

Email security firm Tessian recently published its annual “Lost Hour” report, based on a survey of 600 security leaders in the UK, US, Middle East, and Africa. According to the report, the average security leader in the UK and the US works 16.5 hours of overtime a week, up five and a half hours compared to the same time last year. A third work 20 hours extra per week, while a fifth (18%) work 25 hours above what was contractually agreed, up from 9% a year ago.

Always on

Tessian also says that 10% of security leaders spend anywhere between 25 and 49 extra hours in the office every week. Those who spend 49 hours extra are actually spending some seven hours extra a day - including weekends.

In the UK, four in five (79%) leaders struggle to “always” switch off from work, while a fifth (21%) say they can “rarely” or “never” switch off. These figures are also up compared to last year, when 59% said they had problems switching off.

“Security leaders need to be all in on their jobs for the security and health of their organization,” commented Josh Yavor, CISO for Tessian.

“As the data shows, this ‘all in’ mentality can turn into ‘always on,’ leading to overtime hours and feelings of burnout. Not only is this unsustainable, it decreases efficacy and increases risk. Like all employees, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work.”

Sead Fadilpašić
