How To Handle Today’s High CISO Turnover

Security leaders are in higher demand than they've ever been—and they know it. Here’s how to attract and retain them.
Chief Information Security Officers (CISOs) are vital to the success of an organization, yet the turnover rate is alarmingly high, which puts companies in a bind: how do you not only attract this type of talent but, perhaps more importantly, how do you retain them?

It all started with the added stress Covid-19 created as companies around the globe were forced to accommodate and secure remote workforces. In turn, this shift increased vulnerabilities and risk as workers were connecting to unsecured Wi-Fi networks, for instance, which forced companies to try to balance the need for speed with security. For perspective, the swift adoption of remote and hybrid workforces fast-tracked three-year timelines for security initiatives and digital transformation to a matter of weeks, if not days. That’s an incredibly tall order but there was simply no way to sacrifice one for the other—securing the business, ensuring operational efficiency and generating revenue all had to be addressed simultaneously. This was also compounded by the surge in e-commerce, virtual meetings and other digital-only activities that some companies weren’t prepared for.

Given these interdependent complexities, the role of the CISO was catapulted to being a key driver for securing the network and connected devices, for example, while also overseeing vital digital transformation initiatives. With increased responsibilities, the pandemic thrust these security leaders into the spotlight where they had to manage and collaborate across the business, getting involved in everything from compliance, cybersecurity, fraud management, incident response, investigations, legal and physical security, and even real estate investments. Strategic planning that secured an entire security ecosystem became the top priority that it is today.

What’s Driving the Security Exodus?

The one matter that is not up for debate is that qualified CISOs are in high demand. Studies attribute a high turnover rate to competitive compensation with higher pay and incredible perks. Poor work cultures and a lack of resources has also led to increased attrition, as work-life balance, diversity and inclusion (D&I), mental health and overall employee satisfaction are now no longer nice to haves, they’re must haves.

It’s also evident that CISO retention and succession planning requires companies to build cybersecurity initiatives into every part of the company’s infrastructure and operations, with the budget to match. While each industry is different, analysis finds that many data breach issues have occurred where these security budgets are less than 5% of a company’s total IT spend. So, is it really that surprising that CISOs without the resources to do what is needed are seeking employment elsewhere?

How the Pandemic Completely Changed the Game

With 53% of CISOs assuming their positions during the Covid-19 pandemic, it is important to realize that 67% did so by joining a different organization. Reports also show that only 27% stay in their role at a company for three to five years. Reduced tenures and growing cybersecurity needs make maintaining a healthy pipeline of CISOs a primary risk facing companies today.

Succession-planning analysis shows a wide gap with 64% of large global companies hiring CISOs externally, which can have the knock-on effect of losing members of the CISO’s team, thus losing institutional knowledge. CISOs and other company leaders need to put more focus on internal talent development and succession planning regarding leadership readiness.

Another way to address the need for talent is by expanding the net of potential cybersecurity talent internally by bringing in those with already high competency regarding the softer skills of influence, negotiation and people leadership, and developing their technical acumen. This will both increase the already small supply of accessible cyber talent, as well as help increase diversity and inclusion in an underrepresented field.

Do This to Keep Talent Onboard

From all the recent data amassed there are several takeaways companies should consider when finding and retaining CISO talent, such as:

• Fostering growth by expanding the role and diversifying the skill set of potential candidates

• Being open to candidates with different technical accreditations, broader career experience, internal training and management rotations to increase their cyber talent pool

• Reassessing the internal reporting structure with increased management responsibilities and other enterprise-wide responsibilities (outside of pure information security) can be a great retention strategy for the CISO and their team

If these things aren’t built into a company’s approach from the very beginning, the CISO turnover rate will continue to be high, along with a short supply of qualified and diverse candidates. Since CISO longevity has a direct impact on the integrity and effectiveness of a company’s cybersecurity initiatives, it is critical for organizations to take steps that will retain this talent while also proactively having a succession plan in place for any planned—or sudden—departure.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.