These findings are based on the most recent results of IANS' study, which surveyed a total of 660 CISOs and other security executives - although the majority, 600 respondents, were in North America.
The survey, conducted between April and August 2023, showed that average CISO wages are either below $400,000 or above $700,000.
Most (52%) earn less than $400,000 annually, while 20% are paid $700,000 or more.
Only 6% of respondents fall in the $500,000 - $600,000 range, and 8% earn between $600,000 and $700,000.
The average increase in CISO compensation rose 11% this year, a decrease from the 14% seen in 2022.
Notably, pay did not increase for one out of every five CISOs.
The percentage of security leaders receiving higher retention bonuses fell to 12%, from the previous figure of 21%. Additionally, the proportion of CISOs with "substantial" equity packages was down to 8%, from the previous 24%.
"At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment," said Nick Kakolowski, senior research director at IANS.
"On closer inspection, we're seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren't extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result - something evidenced in 75% of respondents saying they are considering a job change in the next 12 months."
However, the study also highlighted a more competitive landscape for the CISO role. It identified a fall in the number of companies actively searching for CISOs.
As organisations became more cautious with their recruitment budgets and implemented hiring freezes this year, there was a significant decline in job switching among CISOs.
Only 12% of CISOs reported switching positions in the last 12 months, a notable fall from the 21% who did so in 2022.
According to the study, having a strong technical background yields higher compensation than a background focused on business risk management.
CISOs with a technical orientation earn roughly 15% more compared to those with a more GRC (governance, risk and compliance)-leaning background.
The most lucrative skill combination involves a technical background with expertise in product security or application security; CISOs with these qualifications have an average total compensation of $700,000.
The financial services and technology sectors were the highest-paying for CISOs this year. Financial security leaders reported an annual average compensation of $728,000, while those in the tech industry had an average compensation of $678,000.
On the other hand, CISOs in the legal and manufacturing sectors had the lowest total compensation (on average), averaging $550,000.
This article was originally published on our sister site, Computing UK.
