EXECUTIVE SUMMARY:

Evolving CISO compensation trends

The disparity in earnings between the highest-paid and lowest-paid CISOs is growing, with the most well-compensated security executives seeing a salary growth rate of 3X that of their counterparts in lower market quartiles, according to a recent IANS survey of 600 U.S.-based CISOs.

The majority of professionals in the CISO role fall into salary brackets that are either below $400,000 or higher than $700,000 annually. Fifty-two percent of CISOs are currently earning less than $400,000 per year, and 30% of this group earns less than $300,000 per year.

At the other end of the spectrum, 20% of CISOs have an income that surpasses $700,000, and among these individuals, 50% command more than a million dollars per year.

Tightening market for CISOs

As cyber security ramped up in importance for organizations across the past decade, CISO compensation generally rose in parallel. However, the average increase in compensation for CISOs in 2023 was a modest 11%, down from 14% in 2022, with one out of five CISOs not receiving additional compensation at all.

The market for CISOs has tightened. There are fewer companies actively seeking CISOs than in the past, and even among those that are conducting candidate searches, the compensation packages may not be as enticing as previously.

Last year, all CISOs who switched employers to secure higher compensation received salary boosts, according to available data. In contrast, this year, only 67% of CISOs who have changed employers obtained salary increases.

Factors affecting CISO compensation

The compensation pullback can be attributed to a variety of factors. These include:

  • General economic conditions
  • A backlash over CISO and cyber security compensation across the past few years
  • Companies that are playing ‘supply and demand’ games in relation to the labor market
  • Decreases in cyber security budgets

Key skills for lucrative CISO compensation

CISOs who come from a tech-oriented background receive roughly 15% more in total compensation than peers with a stronger focus on business risk management.

The most lucrative skillset for CISOs includes a technical foundation, particularly in areas like product security or application security, with CISOs in this category enjoying an average total compensation of $700,000.

Enhancing CISO marketability

Until markets expand options, CISOs may want to improve their marketability by strengthening their personal brand, elevating their competence in business acumen and working on their ‘executive presence.’

Improving marketability can heighten an individual's prospects of advancement within a given company, and it can help impress prospective employers.

More recommendations

CISOs who wish to join the ranks of the highest earners are encouraged to set their sights on positions in the top three sectors. These are the only sectors that offer compensation exceeding the median package of $500,000.

Unsurprisingly, Finance takes the top spot. In this sector, the average CISO compensation package reaches $728,000. The technology sector comes in second, with an average compensation package of $678,000. Finally, the general business services sector offers CISOs compensation of roughly $570,000, on average.
