Skip to main content

64% of CISOs hired from outside, highlighting retention issues

Image Credit: Getty Images

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


The number of CISOs hired from another company is an astounding 64%, according to new research from Marlin Hawk.

The research shows that there isn’t a good plan for keeping current CISOs happy, succession planning is nonexistent, and there seems to be a lack of hiring from within.

Some of the key findings from the report include that more than half of those interviewed (53%) have been in current roles for two years or less, which means they started a new job during the COVID-19 pandemic. Though the role of CISO has greatly changed, most do not have seats on Boards.

As the world emerges into a post-pandemic reality, the importance of a robust cybersecurity function has never been more apparent. In 2020, virtually all companies were exposed to multiple security challenges in the race to accommodate a remote workforce. In the face of these challenges and mounting fiscal pressure, the Chief Information Security Officer (CISO) emerged as one of the most resilient and dynamic members of the C-suite.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

In addition to quantitative analysis, this report includes qualitative research gathered from semi-structured interviews focused on the short- and long-term impacts of the pandemic on the CISO role, perspectives on tenure and succession, the evolution of the cyber function, and board level impact.

James Larkin, Partner at Marlin Hawk added, “We cannot go back in time and add to the graduating classes of the ’80s, ’90s, or ’00s. If organizations want to bolster their cyber talent ranks, while maintaining the technical watermarks already set, then internal training, management rotations, accreditation and broader career experience have to be taken into account. Otherwise, we will see a continued supply shortage for another decade waiting for the next generation of leaders to arrive.”

Marlin Hawk’s second annual CISO report analyzed the profiles of the top 470 CISOs across North America, Europe, and Asia Pacific with a lens on the current environment. The data this research paper references is Marlin Hawk proprietary data, which surveyed 470 CISO (or equivalent) executives employed at businesses with 10,000 or more employees. This data comprises 300 North American businesses in Canada and the United States; 125 European businesses and 45 Asia Pacific businesses.

Read the full report by Marlin Hawk.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.