A quarter of cybersecurity leaders want to quit

San Francisco, CA, 15th October 2024 — Nearly a quarter, 24%, of CISOs or IT security decision makers (ITS DMs) are actively looking to leave their position, according to new research commissioned by BlackFog.  A further 54%, while not actively looking to quit, are open to new opportunities.

The research, which explored the cause and impact of stress, also highlights how security leaders are managing the demands they face, and what they need from their organizations to feel more supported.  Conducted with UK and US cybersecurity leaders^1, the research also reveals that, of those considering leaving their role, 93% state that the stress and demands are impacting their decision to leave.

When asked about their typical working week, nearly every respondent, 98%, reported that they work more than their contracted hours.  On average, they are clocking up an extra nine hours – more than one working day ² – every week, with 15% of all respondents typically working more than 16 hours over their contracted time each week.

“These findings validate the turnover we witness in the market every day, compounded by the lack of resources and tools to combat new AI based threats” said Dr. Darren Williams, CEO and Founder, BlackFog. “The cost and time involved in replacing senior level security leaders is considerable so it’s absolutely essential that organizations address the root cause of stress to reverse the cycle of churn.” 

In terms of how cyberthreats contribute to security leaders’ pressure, more than two thirds of respondents, 37%, stated that malware and ransomware attacks are the biggest source of stress.  As the ransomware attack landscape continues to evolve, 42% of respondents also stated they are most worried about attackers using AI to launch their assaults whilst data exfiltration, a tactic increasingly used by ransomware attackers, was cited as the top concern by a quarter of respondents.

BlackFog’s findings show that whilst there are positive signs of ITS DMs using constructive strategies to manage stress, some have also engaged in more worrying activities to cope.  When asked about activities over the past year, the findings revealed:

• 86% of participants allocate time for sport and recognize physical health as important to their overall wellbeing. Three quarters (75%) state they get enough sleep.
• More than four fifths (82%) believe that they set clear boundaries between their work and private time.
• However, in the past 12 months 45% have at some point used drugs or alcohol to alleviate work pressures and 69% have withdrawn from social activities.

The research highlights positive support within organizations, but also suggests that Boards and managers could improve the level of help provided.

• Almost two thirds of security leaders have been offered practical support to manage the stress of their role. This includes flexible hours (64%) and hybrid or remote working (62%).
• However the majority of respondents feel that their organization could do more to make them feel supported in their role. This ranged from increasing their budget so they can afford the security tools they need (41%) to having more time to focus on the problems that matter (40%).

For more information and to download the full report click here.

BlackFog is the category-defining vendor in anti data exfiltration (ADX). Founded in 2015, the company invented ADX on the thesis that the endpoint is the only control point capable of stopping data from leaving an organization, an architectural bet that has now been validated across three exfiltration vectors: ransomware, shadow AI, and autonomous AI agents. BlackFog’s endpoint-native platform protects more than 500 enterprises, government agencies, and critical infrastructure operators worldwide. The company is the publisher of the annual State of Ransomware report and the BlackFog/Sapio Shadow AI Research, the most-cited primary research in the category. BlackFog’s recognition includes the teiss Awards 2026, the AI Excellence Award 2026, the Cybersecurity Excellence Awards 2026, and the Cybersecurity Breakthrough Award. Headquartered in San Francisco with international operations in London and Belfast. Learn more at blackfog.com.

¹ Methodology

The results from this survey are from an online survey Sapio Research fielded on behalf of BlackFog with IT Security Decision Makers in companies of over 500 employees across the UK (200) and US (200). The research was conducted in July and August 2024.

²  Calculated based on average weekly hours for UK and US workers, divided by five working days.

• ONS: Average actual weekly hours for full time workers: May – Jul 36.6 hours Average actual weekly hours of work for full-time workers (seasonally adjusted) – Office for National Statistics (ons.gov.uk)
• Statista: Average weekly hours August 34.3 hours: Average weekly working hours U.S. 2024 | Statista