CISO Salary Growth Slowing - And They're Expected To Seek Change

Tech-Oriented CISOs Tend To Earn More Than Those Focused On Compliance

The pay disparity between the highest-earning and lowest-earning Chief Information Security Officers (CISOs) is expanding, as top executives' salaries rise three times faster than those of their counterparts in lower positions.

These findings are based on the most recent results of IANS' study, which surveyed a total of 660 CISOs and other security executives - although the majority, 600 respondents, were in North America.

The survey, conducted between April and August 2023, showed that average CISO wages are either below $400,000 or above $700,000.

Most (52%) earn less than $400,000 annually, while 20% are paid $700,000 or more.

Only 6% of respondents fall in the $500,000 - $600,000 range, and 8% earn between $600,000 and $700,000.

The average increase in CISO compensation was 11% this year, down from the 14% seen in 2022.

Notably, pay did not increase for one out of every five CISOs.

The percentage of security leaders receiving higher retention bonuses fell to 12%, from the previous figure of 21%. Additionally, the proportion of CISOs with "substantial" equity packages was down to 8%, from the previous 24%.

"At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment," said Nick Kakolowski, senior research director at IANS.

"On closer inspection, we're seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren't extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result - something evidenced in 75% of respondents saying they are considering a job change in the next 12 months."

However, the study also highlighted a more competitive landscape for the CISO role. It identified a fall in the number of companies actively searching for CISOs.

As organisations became more cautious with their recruitment budgets and implemented hiring freezes this year, there was a significant decline in job switching among CISOs.

Only 12% of CISOs reported switching positions in the last 12 months, a notable fall from the 21% who did so in 2022.

According to the study, having a strong technical background yields higher compensation than a background focused on business risk management.

CISOs with a technical orientation earn roughly 15% more than those whose background leans more toward GRC (governance, risk and compliance).

The most lucrative skill combination involves a technical background with expertise in product security or application security; CISOs with these qualifications have an average total compensation of $700,000.

The financial services and technology sectors were the highest-paying for CISOs this year. Financial security leaders reported an annual average compensation of $728,000, while those in the tech industry had an average compensation of $678,000.

On the other hand, CISOs in the legal and manufacturing sectors had the lowest average total compensation, at $550,000.

This article was originally published on our sister site, Computing UK.