The most recent average CISO total compensation increase was 11 percent, down from 14 percent the previous year. This year, 20 percent of CISOs did not receive a raise, double the number of a year ago.
Research released today from IANS Research and Artico Search finds that the share of CISOs with bigger retention bonuses and equity packages also declined to 12 percent (from 21 percent) and to eight percent (from 24 percent), respectively.
“At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment,” says Nick Kakolowski, senior research director at IANS. “On closer inspection, we’re seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren’t extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result — something evidenced in 75 percent of respondents saying they are considering a job change in the next 12 months.”
The survey of over over 600 CISOs and other security executives finds financial services and technology firms have remained in the top three highest paying for total compensation. In 2023, financial services CISOs reported a total annual average compensation of $728,000, with technology CISOs reporting $678,000. Legal and manufacturing CISOs have the lowest total compensation, averaging $550,00. CISOs working on the US West Coast lead the country with $628,000 in total compensation due to their significantly higher equity packages.
While 52 percent of CISOs earn below $400,000 and 20 percent earn over $700,000, there are relatively few in the middle ground. Only six percent of respondents earn between $500,000-$600,000, with eight percent between $600,000-$700,000.
“More than one-third of security budgets are typically dedicated to staff compensation, so when budgets are tightened, it has an effect on CISO compensation. Though we’re still seeing an overall increase in CISO pay, the trends we saw in recent years of high retention packages and large-scale market-adjusted bumps in pay are becoming less common,” stated Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice. “Additionally, with less movement in the market, we’re seeing fewer CISOs landing large-scale pay increases by changing companies. Until the market opens up with more options, we recommend that CISOs work on their marketability by strengthening their personal brand, elevating their competence in business acumen and their executive presence to position themselves strongly with prospective employers.”
CISOs looking to negotiate a better deal can get the full report from the IANS site.
Image credit: Nattakorn/depositphotos.com
