There is no doubt that a C-level position in any company is a high-stress job. However, the CISO – Chief Information Security Officer – turnover rate is significantly higher than that of other C-level executives. Gartner predicts that by 2025, half of cybersecurity leaders will change jobs, and a quarter of them will leave the field entirely, many of those due to work-related stress. The question is why are so many CISOs leaving and what can be done about it.
Why CISOs Are Leaving
CISOs and other cybersecurity professionals are leaving their jobs for several reasons. Here, we’ll explore the most common ones.
The CISO role has always been high stakes, COVID-19 added a new level of complexity to cybersecurity. Add to that the fact that technology is advancing at astronomical rates and the cybersecurity landscape is changing rapidly, and it’s no wonder that stress levels are high.
Lack of support
It can be difficult for CISOs and other cybersecurity leaders to get the support they need from the rest of the C-suite. While other C-level executives, such as the CIO and CFO, report directly to the CEO, only 7% of CISOs report to the CEO. Not only that, but 88% of Board of Directors see cybersecurity as a business risk. This results in a lack of visibility within the organization and makes it extremely difficult for cybersecurity leaders to influence real change within the company.
With the lack of buy-in from the Board of Directors and C-suite executives, along with ever-increasing pressure from business partners, customers, and shareholders, there are often unrealistic expectations placed on the CISO to solve all the company’s security problems. This can result in frustration and disengagement for the CISO.
Cybersecurity skills gap
With the increasing complexity of technology and the rising cost of education, the skills gap for cybersecurity professionals is growing. In addition, CISO roles are becoming more complicated, with the skillset required expanding beyond the technical expertise required to do their job effectively. This is leaving companies scrambling to find qualified candidates to adequately fill their CISO role.
How to Support Your CISO
There are several ways to support your CISO, enabling them to make better decisions and increase your organization’s protection against cybersecurity threats that can ultimately cost your company millions of dollars and reputational damage. With this in mind, here are ways you can support your CISO.
Have CISOs Report Directly to the CEO
When your CISO can report directly to your CEO, they have enough visibility into the organization to ensure that they have a solid understanding of how the business operates. This will allow them to align their security goals with the company’s operational and business objectives.
Make Sure CISOs Attend Meetings
CISOs should attend all business planning meetings and hold one-on-one meetings with other C-level executives and organizational leaders. This will give them insight into the different areas/departments within the company and help them understand the business priorities central to operations.
Expand the Skillset Required to Fill the Role
When developing and advertising the CISO role, make sure it is broad enough to encompass the diverse skillset required of today’s cybersecurity professionals. Since the CISO is required to lead a team of security professionals, they need soft skills such as communication and presentation, leadership, and policy development.
You can then focus on training existing cybersecurity leaders within your company so they have the technical and soft skills needed to protect your organization against cyber threats. This will also allow you to look beyond the standard skills required when hiring new talent, opening you up to a more extensive skill set and a broader range of career experience.
Ensure You Have a Proper Succession Plan in Place
Whether promoting from within or bringing in an external hire, you want the transition to be as smooth as possible to alleviate the pressure and stress on your incoming CISO. This means only promoting from within when the candidate has been specifically trained and groomed for the role. If hiring from outside the company, make sure they have the skills to help them overcome the challenges faced by the previous CISO. In both cases, provide the support needed to help them succeed.
Ultimately, your CISO and their team is your main line of defense against the cyberthreats that lurk just beyond your firewalls and other layers of protection. But they can only be as effective as the support they receive and their understanding of your organization’s overall business and operational objectives. By providing your CISO with the support they need and developing realistic expectations of what they can achieve, you are set up to have the highest level of protection possible.
Platinum Technologies offers a wide range of cybersecurity services to ensure your organization is fully protected. Contact us today to discover how we can support your CISO.