A recent report found that the average tenure of a chief information security officer (CISO) is only 18 to 24 months, citing the constant stress and urgency of the job as the core reasons. For comparison, the average tenure of a chief financial officer is 6.2 years and the average tenure of a chief executive officer is 8.4 years.
The revolving door is not limited to the C-suite when it comes to key tech roles. A recent report from the Ponemon Institute found that 65% of IT and security professionals consider quitting due to burnout. And there are nearly 3 million unfilled cybersecurity positions at companies worldwide.
Beyond the massive pressure CISOs are under to keep their organizations and customers secure, the talent shortage for skilled CISOs means frequent recruitment to new jobs, with offers of up to $6.5 million in salary and profit sharing. Between CISOs being aggressively recruited and a large percentage of the security workforce weighing their employment options — not to mention a growing and increasingly volatile landscape that requires the top security leadership to manage and mitigate — organizations can't afford to make the wrong choice when it comes to hiring (and retaining) a CISO.
Consider a recent high-profile data breach at a large financial corporation. It was reported that staff suggested the CISO, who came from a federal government background, clashed with employees. Prior to the breach taking place, employees raised concerns about a high turnover rate within the cybersecurity team — which included about one-third of the entire team staff in 2018. To some close to the organization, this and other missteps indicate that the breach did not entirely come out of the blue.