Chief information security officers (CISOs) are under a lot of stress. They are responsible for protecting their organizations from cyber threats, which are becoming increasingly sophisticated and damaging. CISOs also have to deal with multiple other challenges, such as budget constraints, staffing shortages, and a lack of understanding from senior management about the sheer importance of cybersecurity within the organization.
It is not surprising that CISO roles often have a fairly high turnover rate. A recent survey by ESG and the Information Systems Security Association (ISSA) found that the average tenure is only about 24 to 48 months.
Organizations can work towards reducing CISO turnover in several ways, all of which come down to adequate support for and recognition of this critical role.
Offer competitive compensation and benefits packages. CISOs are in high demand, so organizations must offer competitive compensation and benefits packages to attract and retain top security talent. Companies should prepare for counter-offers and negotiations surrounding a final offer.
Create a company-wide culture that emphasizes cybersecurity. Cybersecurity should be a top priority for every organization, especially those that handle personal identifying information. Organizations need to create a culture that emphasizes cybersecurity and gives CISOs the resources and support they need to be successful.
Provide CISOs with a seat at the table. CISOs need to be active participants in executive management and board of directors meetings. This will help ensure that they get the support and respect that they need to protect the organization from cyber threats.
Invest in cybersecurity. Organizations must invest in cybersecurity and provide CISOs with the resources they need to do their jobs effectively. These resources can be tools, subsequent security hires, or even time from various stakeholders.
Reduce the workload of CISOs. Organizations can reduce the workload of CISOs by being open to bringing on additional security staff and/or outsourcing where needed.
These steps can help organizations reduce CISO turnover while, in turn, improving their overall cybersecurity posture.
Additional thoughts: The stress of growing security threats is affecting all cybersecurity professionals, not just CISOs. Cybersecurity professionals are consistently under a lot of pressure to keep their organizations, employees, and data safe from threats. Companies can help to reduce the stress on all cybersecurity professionals by creating a supportive work environment and providing them with the resources and training they need to be successful.
If your company needs help building out support teams, locating your next CISO, or if you are an individual looking for your next opportunity to work with a company that is poised to supportively welcome a CISO or similar role, please reach out, and we will be happy to help!
Citation: Nadeau, M. (2018, February 14). Stress pushing CISOs out the door. CSO Online. Retrieved October 10, 2023, from https://www.csoonline.com/article/574639/stress-pushing-cisos-out-the-door.html