- Half of security leaders will change jobs by 2025, Gartner predicts, spurred by a sectorwide cycle of burnout.
- Of those, one-quarter are expected to move into entirely different roles. "Some will move workplaces, while others will take on different roles — for example, taking up creative roles or becoming an evangelist," Deepti Gopal, director analyst at Gartner, said in an email.
- Gartner blames "unsustainable levels of stress" in cybersecurity for the expected job changes. The psychological toll of the field can also affect the quality of decisions and impede performance, Gopal said in the research statement.
The negative experience of a CISO, and the burnout it can cause, stems from enterprise mismanagement of security, which can lead to team attrition too.
"CISOs are on the defense, with the only possible outcomes that they don't get hacked or they do," Gopal said.
Gartner found that organizations that give risk management a lower priority than their industry peers have little executive support and build security programs around compliance.
Concerns about where security executives fit in the C-suite hierarchy are well documented. While most CISOs report to a CIO, CTO or top engineering executive, just 8% report to the CEO, Heidrick & Struggles found.
If organizations shifted their reporting structure so that CISOs report to CEOs, it would solve most cybersecurity problems, analyst firm Forrester says.
CISOs reporting to the CEO have higher workforce visibility, experience fewer breaches and have more seamless access to funding than their IT-aligned peers, a Forrester survey found.
Sure, rethinking hierarchy is not a silver bullet. But with CISOs visible at the top, they have more clout to wield when setting security priorities or shaping messages to staff.