Many CISOs don’t fail because of security incidents. They fail because of their first 90 days.
The role of the CISO has never been more critical – or more difficult to sustain. Over the past few years, the average tenure of CISOs has remained relatively short, with many security leaders leaving roles within just a few years. Increasing expectations, constant threat pressure, and growing accountability have turned the position into one of the most demanding executive roles in modern organizations.
But while much attention is given to hiring the right CISO, far less focus is placed on what happens next: onboarding.
And that may be where organizations are getting it wrong.
A Role Built on Pressure
ISOs operate under constant pressure: balancing technical risk, business priorities, regulatory demands, and board expectations. Industry insights show that this sustained stress is contributing to higher turnover rates and increasing burnout among security leaders.
Many CISOs maintain high performance levels despite this pressure, leading teams through crises while managing day-to-day challenges. But unlike other executive roles, CISOs often face a unique imbalance: they are held accountable for risk without always having the authority or organizational alignment to effectively manage it.
This dynamic can create friction early in a CISO’s tenure – especially during the critical first months.
In fact, burnout has become a growing factor in CISO turnover. Some security leaders are leaving corporate roles entirely, shifting to consulting or virtual CISO positions in search of greater control and reduced pressure. At the same time, many organizations fail to fully recognize security successes or provide the executive authority that should accompany the level of accountability assigned to the role.
When this happens, the seeds of frustration are planted early, often during onboarding.
The First 90 Days: More Than Just Onboarding
Recent industry guidance, including insights published by The CISO Network (2026) and Forbes Business Council (2025) – emphasizes that the first 90 days for a new CISO are not simply about learning the environment, but about establishing credibility, building relationships, and aligning expectations.
During this period, CISOs must:
| Phase | Focus Area | Goal |
| Days 1-30 | Discovery | Understand business risk appetite & culture. |
| Days 31-60 | Relationship Building | Establish trust with the Board and stakeholders. |
| Days 61-90 | Strategic Roadmap | Align security goals with business objectives. |
These early decisions often shape long-term success, or accelerate early departure.
Without structured onboarding and organizational alignment, CISOs may struggle to gain traction, increasing the likelihood of frustration and turnover.
Why This Matters to Organizations
Frequent CISO turnover creates real organizational risk. Security programs lose momentum, institutional knowledge disappears, and teams face uncertainty during leadership transitions.
Organizations that treat CISO onboarding as a strategic initiative – rather than an administrative process, are better positioned to retain leadership and strengthen long-term security posture.
Successful onboarding means:
- Clear expectations from leadership
- Defined authority and accountability
- Access to institutional knowledge
- Alignment between security and business objectives
“Onboarding is not just about helping the CISO succeed: it’s about helping the organization remain secure.”
A Shift in How We Think About CISO Transitions
As the role continues to evolve, organizations are beginning to recognize that hiring a strong CISO is only the first step. Supporting them through the early stages of their tenure may ultimately determine whether they succeed – or become another short-term statistic.
In today’s threat landscape, stability in security leadership is not a luxury.
It’s a necessity.
For Further Reading
This blog post was based on the insights presented in:
The CISO Network. (2026, April 2). A practical guide to your first 90 days as a CISO. Retrieved from https://thecisonetwork.com/blog/first-90-days-ciso
CybersecTools. (2026, February). CISO first 90 days: What to do and what to avoid. Retrieved from https://cybersectools.com/resources/ciso-first-90-days
Forbes Business Council. (2025, December 1). The first 100 days of the new CISO: Why they are key to long-term success in the role. Retrieved from https://www.forbes.com/councils/forbesbusinesscouncil/2025/12/01/the-first-100-days-of-the-new-ciso
Pratt, M. K. (2022, February 1). CISOs are burned out and falling behind. CSO Online (Foundry). Retrieved from https://www.csoonline.com/article/3637500/cisos-are-burned-out-and-falling-behind.html
