Found a stat about CISO tenure that blew my mind

Was reading through some Gartner research last night. Apparently the average CISO tenure is now down to around 18 months. That’s wild to me. Back when I started in cybersecurity marketing around 2015, I remember people talking about 3-4 year stints being normal. Makes me wonder how you even build a long term security strategy when the top person keeps bouncing. Found it buried in a report from August 2024. The data came from a survey of 500 companies across North America. I guess the pressure is just getting worse every year. Has anyone else seen this trend affecting how you pitch your marketing campaigns?

3 comments

3 Comments

harper_foster13d ago

@milacraig makes me wonder if the vendors just sell to the crisis instead of the strategy.

val_williams12d ago

That part about "shouting into a void" really hit me. I remember at my old job we had this marketing director who spent six months building a whole campaign around "security as an enabler" just as our CISO quit. The new guy came in and killed the whole thing because he wanted to focus on "compliance first." Marketing was furious because they had all these materials ready to go. Its like the vendors have to pick a lane and just hope their customer stays in it long enough to buy something.

milacraig13d ago

Hearing that 18 month figure really hits hard. I've watched two CISOs at a mid sized company I used to work with burn out and leave within 18 months each. They both came in full of energy, trying to fix years of neglect, and just got crushed by the board demanding results yesterday. It's rough because you can see them putting out fires non stop instead of building anything solid. Marketing must feel like shouting into a void when your audience keeps changing every year and a half.