The CISO job isn’t nine to five. New research from Seemplicity suggests the average cybersecurity leader now works 10.8 extra hours per week beyond their contracted schedule – effectively adding a hidden sixth day to the working week.
And this overtime isn’t the occasional incident response surge – it’s the normal operating model.
The report found 45% of cybersecurity leaders work more than 11 extra hours each week, and 20% exceed 16 hours of additional work. That workload carries a psychological toll – 44% say the job is emotionally exhausting more often than it is rewarding, rising to 56% among C-level security leaders.
Even time off offers limited relief. Of the CISOs surveyed, 43% say they can’t take leave without creating more stress for themselves when they return, while 32% admit to experiencing regular ‘Sunday scaries’ about the week ahead.
All of this points to a role that has expanded faster than organisations have been able to adjust to support it.
At the same time, the nature of the job itself is changing. Instead of being judged solely on their ability to defend systems, security leaders are increasingly expected to explain cyber risk in business terms and coordinate action across the organisation.
According to the report, 89% of security leaders say their role now requires significant cross-functional collaboration and business alignment.
That change is reflected in the skills CISOs say matter most today:
So the modern CISO increasingly sits at the intersection of technology, risk and organisational politics – translating technical threats into decisions the business can act on.
Automation promises to lighten the load, but the reality appears more complicated. Security teams are investing heavily in AI capabilities – but the accountability still lands with people.
Seemplicity found 64% of cybersecurity leaders say they have sufficient budget for AI features, suggesting organisations are willing to invest in the technology. This means the gap lies elsewhere.
More than half (52%) say investment in training for effective human–AI collaboration is limited or insufficient, leaving security leaders responsible for governing systems they may not yet be fully equipped to operationalise.
That helps explain why 73% of respondents say AI oversight and governance will become the defining capability of the cybersecurity professional in the future, ahead of purely technical expertise.
The role is evolving from security operator to AI risk governor.
Meanwhile, CISOs have never been closer to the boardroom. According to research from IANS, 95% of CISOs now provide regular updates to the board – a sign that cybersecurity has firmly established itself as a board-level issue.
But access doesn’t always translate into partnership.
The same research found only 30% of boards describe their relationship with the CISO as strong and collaborative, suggesting a significant trust and communication gap remains. And boards themselves acknowledge the challenge – 53% say reporting on the impact of evolving threats still needs improvement.
The result is a paradox: CISOs are increasingly visible at the highest levels of the organisation, yet many are still working to bridge the gap between technical risk and boardroom understanding.
Even with all this pressure, the statistic that really stood out to us from the Seemplicity report is this one:
94% of cybersecurity leaders say they would still choose cybersecurity again as a career.
We think this is because the role remains deeply mission-driven, even as the workload intensifies. We know this from the CISOs in our community – you’re juggling governance, AI oversight, organisational diplomacy and operational defence, but the sense of purpose still outweighs the pressure.
And that, perhaps, is the most revealing insight about life as a CISO in 2026. At Black Hat MEA, it’s given us new motivation – to support our community and enable collaboration and knowledge-sharing that, in time, will lighten the load.