October 30, 2017 By Douglas Bonderud

Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.”

As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strategy and reasonable employee access is becoming problematic. Add in accidental security breaches, the expectations of C-suite members — especially when CISOs don’t get a seat at the table — and budget constraints, and panic sometimes feels like the most reasonable response.

Five Keys to a Stress-Free Cybersecurity Strategy

While these problems won’t go away anytime soon, security leaders and executives can implement strategies, policies and communication methods to fill budgetary and awareness gaps and get disparate departments on the same page. Here are five tips to help CISOs retain their sanity and bolster business borders.

1. Create a Clear Strategy

According to Databarracks’ “Data Health Check 2017” report, only 53 percent of IT decision-makers felt confident about their organization’s ability to handle cyberthreats such as viruses, spyware and ransomware. Even more worrisome, PwC’s “Global State of Information Security Survey 2018” revealed that 44 percent of organizations lack an overall information security strategy. Given these startling statistics, it’s no surprise that CISOs are feeling the heat, since most enterprises lack clear direction when it comes to handling new cybersecurity threats.

Staying sane demands specificity. Security leaders should draft actionable security policies that have C-suite support and clear consequences for noncompliance. Start with staff members: Make sure they understand the new guidelines and give them room and time to learn and adapt. Then, enforce the policy as needed to limit security risk.

2. Activate Automation

CISOs often struggle with the dual difficulties of budget and time. There’s no more money to hire extra staff, but there aren’t enough hours in the day to get everything done. The solution, according to Dark Reading, is automation. Automated tools can track and monitor devices at a granular level, allowing CISOs to see what’s happening and where in real time. Automated tools can also replace cumbersome and error-prone processes such as data entry and review, allowing current IT staff to tackle high-priority projects instead of playing catch-up.

3. Talk the Talk

CISOs are often overlooked when it comes to the C-suite short list. Some CISOs prefer working with technology over attending endless meetings about budget and strategy, but cybersecurity is now a line-of-business opportunity, not a cost center.

Getting the budget and resources needed to stop cyberthreats means selling the concept to executives in terms they understand. Put simply, CISOs need to talk the talk and find ways to couch security problems in business-friendly language. And while developing soft skills seems like one more task for CISOs to pile onto their already full plates, it’s a long-term win: With the C-suite on board, technology and budget approval becomes a much smoother process.

4. Bridge the Gap

In a cloud-based world, silos and departmental boundaries destroy cybersecurity success. If IT security professionals don’t want to deal with disaster recovery experts, marketing doesn’t like how HR is handling data and front-line employees push back against security policies, the result is a nightmare that keeps CISOs up at night and leaves them barely hanging on day to day.

Here, staying sane means finding a way to bridge the gap between disparate departments and evolving expectations. To make your case, be clear about the costs of lax cybersecurity and talk up the potential benefits of cloud-based collaboration. This is the domain of the new CISO — part encourager, part enforcer, but entirely dedicated to reducing security risk.

5. Prioritize People

Building relationships should remain your top priority. While CISOs are often torn between balancing budgets and managing human resources, these human connections ultimately make or break CISO success.

Budgets fluctuate based on a host of factors, from the previous quarter’s profits to upcoming capital expenses or new investments. The right people, however, form the backbone of reliable security response. By putting relationships first and budget concerns second, CISOs can encourage a culture of loyalty and respect in which various departments work together to solve budget problems.

Sanity Is the Best Strategy

There’s no question that CISOs are under stress, with emerging cybersecurity threats making it harder and harder to stay sane. But it’s possible to keep crazy off your radar. Start with a smart cybersecurity strategy, opt for automation, speak the language of business and bridge the gap by putting people first.
