Three of four CISOs ready for job change

Growing anxiety over new and expanded demands for their jobs has many CISOs mulling over an employment change, according to an annual research study released Wednesday. The State of the CISO 2023-2024 Report, by IANS research and Artico Search, revealed that 75% of CISOs are open to a job change, an eight-point jump from the previous reporting period.

The report, based on a survey of 663 CISOs and unstructured interviews with 100 more in a range of industries and company types across the US and Canada, also found that CISOs who said they were satisfied with their job and company dropped during the period by 10 points, to 64%.

“Satisfaction has been rising consistently for the past few years, but last year, it dipped,” says IANS Research Director Nick Kakolowski. “Last year, the pressure on CISOs ratcheted up big time with the new SEC rules and CISOs being held personally liable for breaches.

In late July, the SEC announced that public companies were required to disclose any material breach within four business days of discovering that the incident has material impact. “The SEC disclosure ruling shook up cybersecurity leadership across multiple industries,” explains Devin Ertel, CISO at Menlo Security, a zero-trust web security company. “Given the relatively vague language of the ruling, CISOs are on edge about how these regulations will impact their work and turn their jobs into potential areas in which they can be prosecuted, since it’s common knowledge that the full impact of a breach can take months, if not years, to become known after rigorous investigation.”

Doom and gloom on CISO forums

Kakolowski explained that while pressure has ramped up for CISOs, the rewards haven’t. “Businesses still haven’t figured out how to elevate the CISO in the business and compensate them accordingly,” he says. “The job is getting harder and the rewards just aren’t there.”

“The environment surrounding CISOs is extremely turbulent right now, and their individual exposure to lawsuits is at an all-time high. CISOs face a real danger of being indicted or sued for things outside of their control,” adds Patrick “Pat” Arvidson, chief strategy officer for Interpres, a maker of a threat-informed defense surface management platform.