"Too often there's a lack of leadership, funding, and a vision for what the department could be."
This pretty much wraps up the problem. If this happened with the other business units within the organization, they'd have the same problems. Just because someone is a rockstar analyst or engineer doesn't mean they would make a great manager/leader. Anyone familiar with the Peter Principle? People rise (are promoted) to their level of incompetence.
I'd rather my CISO have a solid background in business and management than come from a cyber background.