CISOs experience mounting external and internal stressors in their jobs, according to a report from Nominet released on Thursday. The majority (91%) of these professionals said they face moderate to high stress in their leadership positions, with 60% admitting they rarely disconnect from work, the report found.

The report surveyed 408 CISOs in the US and UK, who all oversee their business’ cybersecurity efforts. With immense social, digital, and security pressures, the modern CISO has trouble staying afloat, the report found.

SEE: Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)

CISOs work long hours: 88% said they work more than 40 hours a week, and 22% said they are available to the company 24/7, the report found. US CISOs are the worst about taking time off, with 89% saying they never have a break longer than two weeks from work.

More than a quarter of CISOs (26.5%) said both the hours and stress of the job impact their mental or physical health, and 17% of CISOs said they’ve turned to medication or alcohol to handle the pressure, the report said.

These leaders work long hours because of pressures coming from within, the report found. While executive teams do value security, 32% of those surveyed said they fear in the wake of a breach, their job would pay the price–either with an official warning, or termination.

Some 60% of CISOs admitted to the presence of malware in their infrastructure for unknown lengths of time, with the average length of discovery being two weeks, the report said. More than half of CISOs (57%) blamed a lack of resources on their companies’ cybersecurity deficiencies, and 65% said lack of senior buy-in was also a barrier.

Even if CISOs want to implement more security precautions, they must have the support from other executives. This problem ultimately turns into a vicious cycle: CISOs want to invest more in security because their jobs depend on it, but they can’t get more funding without senior buy-in, which they don’t receive, the report noted.

Not only do CISOs have to fear losing their jobs, but they also have to deal with the stress of budget deficiencies, according to the report. Less than half of CISOs (43%) believe they have an adequate security budget to handle cyberattacks.

“It’s no surprise that CISOs are facing burnout,” said Russell Haworth, CEO of Nominet, in the press release. “Many lack support from within their organisations, and senior business leaders need to face the facts: The threats are real, and CISOs need to be given the resources and support to tackle them. If not, the board must face the consequences.”

Check out this TechRepublic article to learn how to avoid burnout.

The big takeaways for tech leaders:

  • CISOs face pressure at work from long hours, budgetary deficits, and lack of buy-in from senior executives. — Nominet, 2019
  • CISOs risk facing job burnout from mounting pressures associated with the job position. — Nominet, 2019