Aside from earning more money, CISOs pursue other opportunities when current employers minimize cybersecurity commitments and efforts. Credit: Thinkstock Happy 2018, everyone — let’s hope that this is a good year for cybersecurity professionals and global cyber safety. Of course, an organization’s cybersecurity success is often a function of the effectiveness of the chief information security officer (CISO). A strong CISO can mean the difference between functional cybersecurity and constant chaos. Unfortunately, many CISOs don’t have a long shelf life. Industry research suggests that the average CISO tenure is only about 24 to 48 months, with many packing their bags even sooner. This begs an obvious question: Why do CISOs seek out other opportunities so often?Top 4 reasons why CISOs change jobs frequentlyESG and the Information Systems Security Association (ISSA) sought to answer this question in a recent survey of 343 cybersecurity professionals and ISSA members. The top four reasons cited were as follows: 38% of respondents say CISOs change jobs when they are offered higher compensation packages from other organizations. No surprise here, as CISOs are in high demand while the cybersecurity skills shortage has led to continuous salary inflation. Many CISOs are willing to jump ship when presented with an offer they can’t refuse.When you look at the data beyond the almighty dollar, some other patterns emerge:36% of respondents say CISOs change jobs when their current employer does not have a corporate culture that emphasizes cybersecurity. Given the job market for CISOs, don’t expect cybersecurity leaders to simply go through the motions if the corporation isn’t committed to the cause.34% of respondents say CISOs change jobs when the they are not active participants with executive management and the board of directors. CISOs are business managers who oversee a technology discipline. The data indicates that they will quickly fly the coop when they are treated as glorified system administrators.31% of respondents say CISOs change jobs when cybersecurity budgets are not commensurate with the organization’s size or industry. As hard as it is to believe in 2018, there are still plenty of organizations willing to nickel and dime the CISO and settle for “good enough” security. This isn’t a strategy for long-term CISO retention or strong cybersecurity for that matter.Clearly, money matters to CISOs, but they also want to work for executives who are willing to fund, participate in, and cheerlead cybersecurity efforts across the entire organization. In lieu of this commitment, the CISO is as good as gone. The data presented in this blog post is included in the recently published ESG/ISSA research report, The Life and Times of Cybersecurity Professionals (follow the link for a free download of the entire report). Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe