What do you think about CISOs getting fired following a breach or major security incident?


Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
Firing the CISO for a breach almost works in opposition to your security posture because it makes it harder to focus on the things that matter more. The more time you spend on keeping everyone out and making sure that everything is as under control as possible from the outside in, the less time you spend thinking about detection, response, potential lateral movement, what could be taken, how you can block exfil, etc. There's a balancing act that needs to be brought back into it on a constant basis.
Director of Information Security in Telecommunication, 10,001+ employees
I was reading interesting research about the highest risks for CISOs, and getting fired after a major security incident is not the biggest risk for CISOs anymore.
The best CISOs are able to lead protection for the board (such as insurance coverage and severance) that allows them to keep doing their job without being affected by threats of career risks.
However, to answer your question, I also believe that CISOs accept the fact that a major security incident may be the cause for their termination; it is a risk that they consider.
If CISOs are not able to provide evidence of the security posture they have put in place, and of the effectiveness and monitoring of the relevant security controls, then being fired may be the right thing.
Firing someone just for the sake of firing, and for showing that the company is at least doing something security related, is not the right move.
C-PIO in Software, 10,001+ employees
Security is always a concern. To fire a CISO following a major breach in security may or may not be justified. A thorough investigation needs to take place. There are many reasons for a breach and some are ultimately undependable. If every prudent measure was in place and working then you have to look at the situation differently.
Director in Construction, 1,001 - 5,000 employees
It comes back to the culture and expectations of your CISO. If CISO reporting shows big green check marks and other wonderful attributes, and after the incident it was found that the CISO was negligent, then replacement is in order. In most cases the organization should understand risk, and if all agreed to the risk then all are accountable. You don't fire an F1 driver because of a single crash, but if the F1 driver is crashing more often than finishing then you need to reconsider who is in the seat.
Head of Information Security in Finance (non-banking), 1,001 - 5,000 employees
A senior-level executive (the CISO) will be held responsible following a breach or major security incident. The CISO will have confirmed the corporate cybersecurity strategy. The main reason for the major incident is that it came from the wrong direction of strategy and program. The CISO can easily get fired. So I am expecting CISO salaries to be higher than those of other senior-level executives.