Out-Law News 1 min. read
01 Jun 2023, 10:46 am
Cyber security officers should turn to their in-house legal teams for support, according to one expert, after a survey revealed that many are suffering from work-related burnout and stress.
Research carried out by US cyber security company Proofpoint found that relentless cyber attacks and pressure to fix security gaps amid budget constraints were among the top concerns for chief information security officers (CISOs) across 16 countries.
The survey suggested that, although cyber security had not been considered a priority for many businesses in the years leading up to the Covid-19 pandemic, the sudden shift towards remote working patterns instantly required CISOs to develop extra security protections for employees at home.
According to Proofpoint, around 61% of CISOs said they face excessive expectations from their employers. Many CISOs also reported that stretched resources hampered their ability to defend their companies. Nearly two-thirds (60%) of all the CISOs surveyed said they had experienced burnout in the past year, while three-quarters of CISOs in the US said burnout put them at risk of quitting.
Christian Toon of Pinsent Masons said the survey of more than 1,600 CISOs should act as a “wake-up call” for security and technology leaders to reach out to their own legal teams for help. “CISOs’ worries over burnout and personal indemnity can be eased by building alliances with their general counsel,” he added.
“In doing so, they can start to form a closer relationship with their in-house legal teams and establish a clear framework for managing cyber security and professional risk. An approach like this is in the best interests of both the security leaders and the businesses they help to protect,” Toon said.
Cyberattacks often cause major business disruptions and reputational damage. In the worst cases, regulatory investigations and lawsuits can follow. Two-thirds (62%) of CISOs told Proofpoint that concerns about personal liability related to cyber attacks were raising their stress levels at work.
Toon said organisational support was required for the mental and emotional wellbeing of security leaders, as well as for individuals affected by cyber security incidents. “If CISOs are worried about personal indemnity for the decisions they make, their first port of call should be their firm’s general counsel. Ask them for their views and for support in defining the legal accountabilities of the role,” he added.
“They should also use this time to bring their in-house legal team into the cyber world, explaining the work CISOs do, and how they can involve general counsels more. After all, cyber security fast becomes a legal matter when safeguards fail. InfoSec is a team sport, so why wouldn’t you want a general counsel on your side? Everyone wins,” Toon said.