Why the short-term CIO could threaten the enterprise

A stable C-suite goes a long way in promoting the overall strength and reputation of an organization. But CIOs have a reputation for having relatively short tenures when compared to other members of the C-suite.

"Depending on which study you read, the average time a CIO spends in a role is between three and five years, with four years being the most commonly reported timescale," said Ian Cox of Axin Ltd in his blog, the CIO Leader. "Chief Financial Officers appear to last longer with average tenures of just under six years."

Chief Executive Officers also stay in their posts for about six years, according to Cox.

Short-tenured CIOs present a number of challenges for an organization, but perhaps the biggest challenge is the potential for security holes. This was recently illustrated at NASA.

In April, a report by NASA’s inspector general stated that the organization’s lack of consistent leadership was undermining its ability to protect itself from cyberattacks. Over the past year and a half, NASA has had three "acting" senior security officers in the CIO's department, which has led to "confusion at the agency over roles and responsibilities," the report said.

NASA has failed to cultivate an "information security program plan to effectively manage its resources," the report added. The inspector general recommended the agency hire a permanent security chief and develop an agency wide security plan to remedy its shortcomings.

Earlier in April, a report released by security risk benchmarking startup SecurityScorecard ranked NASA dead last among 600 government entities it evaluated between April 2015 to April 2016.

The bottom line: Inconsistent leadership in any organization can make it difficult to develop and maintain well-defined security plans.

"Corporations without executive security leadership are at an increased risk to cyber threats," agreed John Lane, CISO at Biscom. "In the event of an attack, or even potential attack, the lack of leadership threatens response times and limits direction needed when properly responding based on regulation and legislation."

"A leaderless ship during a cyber storm may lead to disaster including large costs, fines and lawsuits," Lane said.

Why CIOs stray

There are several factors that might cause a CIO to leave a company. Some of the most common include limited authority over IT and other organizations, lack of resources or a limited budget.

"However, the most important reason is typically a lack of support from executive management," said Lane. "In order to effectively make changes within the organization, having access to the right resources and authority helps to quickly resolve any issues that might put the company at risk—helping reduce overall stress and increase job satisfaction."

Of course that’s assuming that the CIO leaves by choice. Just as often, a CIO can be pushed out.

Cox said he often sees CIOs hired to fix a specific problem within an organization. But after a few years focusing on addressing that specific issue, the CIO may stagnate.

"From my experience many CIOs tend to stand still once the initial changes are implemented," said Cox. "In other words, having resolved the problems they encountered on joining the organization, they then move to a steady state mode, which involves managing the IT function, maintaining the platform and performing upgrades and changes when necessary."

"The problem with this approach is that the rest of the organization is very rarely in a steady state," Cox said.

Business needs continue to change and, if the IT capability does not keep up with this rate of change, then it can very quickly fall behind and struggle to deliver what the rest of the organization requires, Cox added.

"So within a year or two of successfully transforming IT, a CIO can find themselves under pressure and facing criticism from stakeholders whose needs are now not being met," Cox said. "And if they cannot (or in some cases will not) respond to this pressure quickly enough then they will soon become another CIO with a short tenure."

Secrets to success

So what might help ensure a CIO stays with a company longer? While higher pay and better benefits are enticing, many end up staying based on the levels of support provided from company executives and boards, said Lane.

And CIOs can help their own cause by continuing to evolve, said Cox.

"In the digital age this means understanding what the organization’s customers are going to need next and how technology can help meet this need, and it means thinking about how technology can be used to enable or create new business models, products and services," said Cox. "In other words, CIOs have to become proactive business leaders instead of just being reactive technology leaders."

"CIOs that can continually evolve the organization’s IT capability will become one of the stronger members of the C-suite and will see their survival rates growing as a result," Cox said.