CISO salary growth slowing - and they're expected to seek change

Tech-oriented CISOs tend to earn more than those focused on compliance

Most CISOs earn either less than $400,000 or above $700,000 a year, survey finds


The pay gap between the highest-earning and lowest-earning Chief Information Security Officers (CISOs) is widening, with compensation for the top earners rising three times faster than for those at the lower end of the range.

These findings are based on the most recent results of IANS' study, which surveyed a total of 660 CISOs and other security executives - although the majority, 600 respondents, were in North America.

The survey, conducted between April and August 2023, found that CISO pay clusters at the two ends of the scale: most earn either below $400,000 or above $700,000.

Most (52%) earn less than $400,000 annually, while 20% are paid $700,000 or more.

Only 6% of respondents fall in the $500,000 - $600,000 range, and 8% earn between $600,000 and $700,000.

Average CISO compensation rose 11% this year, down from the 14% increase seen in 2022.

Notably, pay did not increase for one out of every five CISOs.

The percentage of security leaders receiving higher retention bonuses fell to 12%, from 21% the previous year. Likewise, the proportion of CISOs with "substantial" equity packages dropped to 8%, from 24%.

"At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment," said Nick Kakolowski, senior research director at IANS.

"On closer inspection, we're seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren't extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result - something evidenced in 75% of respondents saying they are considering a job change in the next 12 months."

However, the study also pointed to a tougher market for the CISO role, identifying a fall in the number of companies actively recruiting CISOs.

As organisations became more cautious with their recruitment budgets and implemented hiring freezes this year, there was a significant decline in job switching among CISOs.

Only 12% of CISOs reported switching positions in the last 12 months, a notable fall from the 21% who did so in 2022.

According to the study, having a strong technical background yields higher compensation than a background focused on business risk management.

CISOs with a technical orientation earn roughly 15% more compared to those with a more GRC (governance, risk and compliance)-leaning background.

The most lucrative skill combination involves a technical background with expertise in product security or application security; CISOs with these qualifications have an average total compensation of $700,000.

The financial services and technology sectors were the highest-paying for CISOs this year. Security leaders in financial services reported average annual compensation of $728,000, while those in the tech industry averaged $678,000.

At the other end, CISOs in the legal and manufacturing sectors had the lowest average total compensation, at $550,000.