{"id":15765,"date":"2026-02-10T07:05:53","date_gmt":"2026-02-10T07:05:53","guid":{"rendered":"https:\/\/newestek.com\/?p=15765"},"modified":"2026-02-10T07:05:53","modified_gmt":"2026-02-10T07:05:53","slug":"69-of-cisos-open-to-career-move-including-leaving-role-entirely","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15765","title":{"rendered":"69% of CISOs open to career move \u2014 including leaving role entirely"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Enterprise CISOs are increasingly willing \u2014 and eager \u2014\u00a0to jump ship, with some frustrated enough to want to leave cybersecurity entirely.\u00a0<\/p>\n

A recent survey of security leaders from IANS Research and Artico Search<\/a> found that 69% of security executives \u201care open to making a career move within the next year, often targeting CISO roles at a larger company or in a different industry, but also other non-CISO roles such as CTO, CIO, board member, or a second-in-command security leadership role at a larger company,\u201d according to the report.\u00a0<\/p>\n

Cybersecurity analysts and consultants attributed this shift to a variety of issues based on what they\u2019ve seen and heard from CISOs.\u00a0<\/p>\n

\u201cIt\u2019s not so much about chasing a slightly better or higher title. The sheer exhaustion, organizational misalignment, and a growing sense that the job, as it is currently structured in many organizations, is not sustainable\u201d is the primary cause, says Erik Avakian<\/a>, technical counselor at Info-Tech Research Group.<\/p>\n

\u201cCISOs live in a world of constant urgency. Unexpected incidents, routine audits, board updates, third-party vendor challenges, and regulatory deadlines are part of the daily grind and come without any real off-ramps,\u201d he says. \u201cAt the same time, many are still perceived internally in their organizations as the security person rather than as a true business leader executive. That gap between responsibility and influence wears people down, particularly if the influence doesn\u2019t grow over time.\u201d<\/p>\n

Such patterns have become ingrained in the enterprise over many years, making this a challenging issue for organizational executives to fix.\u00a0<\/p>\n

\u201cThe answer is not just \u2018pay them more,\u2019 although compensation absolutely matters more and more these days,\u201d Avakian says. \u201cYou can\u2019t ask someone to carry enterprise-level risk and expect them to be motivated by mid-tier executive pay. But money alone doesn\u2019t fix a structurally broken role.\u201d<\/p>\n

The fix begins with giving \u201centerprise-level standing\u201d to those accountable for enterprise security<\/a>, he says. \u201cThat means direct access to the CEO and board, someone who can have the time to strategize, build relationships across the business in order to influence, and not be buried under layers of IT or in a day-to-day reactive mode. It means authority that matches responsibility, real influence over cybersecurity budgets, architecture, third-party posture, and overall risk decisions.\u201d<\/p>\n

Avakian adds that this goes well beyond the typical disgruntled executive.<\/p>\n

\u201cMost CISOs aren\u2019t looking to jump ship because they\u2019ve lost interest in the mission. Most CISOs and security leaders have a passion for what they do and for helping others,\u201d he says. \u201cBut if they\u2019re leaving, it\u2019s because they want to lead, build, and make a difference \u2014 and too often the structure around them makes that impossible.\u201d<\/p>\n

Organizations fix this by \u201creshaping the role so that thought leadership, team leadership, and positive influence is actually possible,\u201d he adds.<\/p>\n

A \u2018systemic vulnerability\u2019<\/h2>\n

Sanchit Vir Gogia<\/a>, chief analyst at Greyhound Research, says the issue goes beyond mere job-switching: \u201cWe\u2019re staring down a slow-motion talent exodus,\u201d he says.<\/p>\n

\u201cWhat\u2019s driving it isn\u2019t compensation or lack of professional development; it\u2019s role design failure, plain and simple,\u201d he explains. \u201cEnterprises have engineered a position that asks security leaders to carry outsized responsibility for risks they can\u2019t fully control, with inadequate authority, patchy board support, and a high probability of becoming the designated scapegoat when something goes wrong.\u201d<\/p>\n

Moreover, the emotional pressures of the CISO role have continually gotten worse<\/a>. \u201cThat\u2019s trauma disguised as professionalism,\u201d he says, adding that the damage often persists well after one security executive departs.\u00a0<\/p>\n

\u201cWhen a CISO leaves, the aftershocks ripple fast. High-performing lieutenants often follow<\/a> within months. Projects get frozen. Strategic security programs lose momentum. The organization is left scrambling for interim cover, usually without a real succession plan in place,\u201d he says. \u201cThis is more than a retention issue. It\u2019s a systemic vulnerability. Yet most boards haven\u2019t treated it as one.\u201d<\/p>\n

Worse, CISOs who leave their positions are often walking away from the role entirely, Gogia notes.\u00a0<\/p>\n

\u201cSome are reconfiguring their careers toward consulting or fractional advisory work, where they can stay involved in the field without absorbing the institutional weight of being the last line of defense,\u201d he says. \u201cOthers are sliding sideways into roles in enterprise risk, audit, or regulatory compliance. These are functions where decision rights and accountability are better aligned.\u201d<\/p>\n

The best way to stem the tide of CISO departures, Gogia suggests, is to give CISOs the power they need to do their jobs.\u00a0<\/p>\n

\u201cIf the CISO is accountable for third-party risk, then they need veto power in procurement. If they\u2019re responsible for breach response, then they need authority over how risk exceptions are handled and documented,\u201d Gogia explains. \u201cMore and more CISOs are being handed sprawling portfolios: compliance, fraud, privacy, ESG. But without matching headcount, budget, or political backing. If everything is the CISO\u2019s problem and nothing is within their control, the only rational move is to walk.\u201d<\/p>\n

CISO as single point of failure<\/h2>\n

Zach Lewis<\/a>, CISO at the University of Health Sciences and Pharmacy in St. Louis, believes the portion of CISOs looking to exit is even higher than the IANS findings.<\/p>\n

\u201cI think it absolutely is higher than that. Every CISO I know now is open [to leaving]. They are all heavily looking. They want something new,\u201d Lewis says, though he notes a difference in whether a CISO works for private enterprise versus a publicly held one<\/a>.\u00a0<\/p>\n

\u201cEver since the SEC started looking at charging CISOs, those [SEC] comments are making them skittish. They want to remain a CISO but not in a publicly traded company,\u201d Lewis says.\u00a0<\/p>\n

Cybersecurity consultant Brian Levine<\/a>, a former federal prosecutor who today serves as executive director of FormerGov, has also seen heightened concern from CISOs at public companies.<\/p>\n

\u201cWhen breach liability becomes personal and board support feels performative, CISOs start asking: \u2018Is this worth it?\u2019 Increasingly, the answer is \u2018no,\u2019\u201d Levine says. \u201cIf boards want to retain top cyber talent, they need to stop treating CISOs like risk absorbers and start treating them like strategic enablers. Influence, budget, and legal protection aren\u2019t perks: They\u2019re prerequisites. That disconnect is driving some of the best out the door.\u201d<\/p>\n

Levine also finds fault with the lack of meaningful CISO succession plans<\/a> at many enterprises.<\/p>\n

\u201cWe need to build deputy pipelines and rotate talent. Right now, too many CISOs are single points of failure and they know it,\u201d he says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Enterprise CISOs are increasingly willing \u2014 and eager \u2014\u00a0to jump ship, with some frustrated enough to want to leave cybersecurity entirely.\u00a0 A recent survey of security leaders from IANS Research and Artico Search found that 69% of security executives \u201care open to making a career move within the next year, often targeting CISO roles at a larger company or in a different industry, but also… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15765","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15765"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15765\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}