
CISOs Confront the New Normal

In a recent poll of 2000 CISOs by Proofpoint, a significant contributor to the pressure felt by the world’s CISOs is the ever-present possibility of personal liability: 62% expressed concern about the subject. Just 15% said it was not a worry in their current role.

The increased responsibility of the CISO has brought increased scrutiny from regulators. The failure of Uber’s former CISO to report a data breach resulted in a felony conviction. CISOs are well aware of what this verdict and others like it could mean for them, and they are seeking reassurance.

Most CISOs (61%) say they would not join an organization that does not offer directors and officers (D&O) insurance or something similar to protect them from financial liability stemming from a successful cyber-attack. Just 14% disagree.

Understandably, CISOs in industries with high volumes of sensitive data or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

After navigating the turbulence of the pandemic’s first year, Chief Information Security Officers (CISOs) initially found some footing in what they called the “new normal.”

With enhanced remote setups and an understanding of the evolving cyber threats, confidence was on the rise. But let’s be clear: what seemed “new” has since become the status quo. With a couple more years of remote work experience, CISOs are back to confronting familiar yet heightened concerns.

CISOs are under no illusion about the risks their own employees can pose, and insider threats are on the upswing. Amid widespread staff turnover across industries, this problem isn’t going away anytime soon.

And let’s talk about budget cuts. At a time when economic headwinds are affecting all departments, security budgets are also tightening. Sure, the current measures may be adequate for now—covering supply chain risks, combating ransomware, and eradicating threat actors. But how sustainable is this in the long term?

So, no surprise, CISOs are feeling the squeeze. Rising expectations, potential personal liability, and the pervasive risk of burnout have added fuel to their stress.

However, it’s not all doom and gloom. The fact that CISOs are openly discussing these challenges is a positive indicator. There’s a sense of unity with board members, providing a stable base for future reforms.

The million-dollar question remains: Will the resources be there to support these needed changes in an era of dwindling budgets and persistent talent gaps?

Author

Steve King

Managing Director, CyberEd

King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.
