Despite slower hiring trends and tighter budgets, chief information security officer (CISO) compensation continues to rise, with the average U.S.-based CISO earning $565K, and top earners exceeding $1 million.
Notably, the top 1% of CISOs command starting salaries of $3 million, reflecting the growing value of experienced cybersecurity leaders.
The report, conducted by IANS Research in collaboration with Artico Search, analyzed compensation data from over 750 CISOs across industries.
Nick Kakolowski, senior research director at IANS, explained that the scope of the CISO role is expanding rapidly.
“CISOs are taking on more responsibility and being elevated within the business, putting a premium on the role,” he said.
The study found CISO turnover has also decreased significantly, dropping to 11% in the first half of 2024 from 21% in 2022, limiting opportunities for pay increases through job changes.
Job changes remain the most lucrative path to higher pay, with CISOs who switched employers seeing a 31% boost in compensation, primarily driven by equity-based packages.
From Kakolowski’s perspective, choosing to stay or go is a risky decision, and he added that CISOs thrive in that space.
“We know CISOs are interested in new opportunities,” he said. “They’re just waiting for the right ones.”
In fact, security budgets are expected to grow by 8% in the second half of 2024, and the report revealed that three-quarters of CISOs are open to new roles.
Kakolowski explained that even though budgets are growing, they aren’t keeping up with scope.
“As infosec gets pulled into a wider range of tasks, look for opportunities to strengthen relationships with other executives, build alliances on key initiatives, and tie your goals to critical business growth objectives,” he said.
George Jones, CISO at Critical Start, said it is critical for CISOs to carefully assess the long-term potential of equity-based packages, which can be more lucrative in the long run than base salary increases, albeit with greater risks.
“Comparing projected equity value with immediate cash compensation can help determine the best path forward,” he said.
Staying with a current employer might offer stable merit increases. However, if the company’s security budget or investment in cybersecurity is stagnating, the CISO’s ability to influence decisions or advance into more strategic roles could be impacted.
Jones noted work-life balance and mental health concerns should also be considered when weighing job changes.
“Some job offers may provide higher compensation but come with more stress and longer hours, which may not be worthwhile in the long run,” he cautioned.
The study also found that CISOs with diverse experience across multiple companies or industries earned 65% more than peers who stayed with a single employer.
Kakolowski noted varied experience is increasingly critical for CISOs, not just to maximize their earnings, but also to excel in a role that is changing quickly and facing continual scope creep.
“Leading CISOs are thinking just like other business executives – mapping out their career goals, planning how they want to gain exposure to different industries and skill sets, and working with coaches to accelerate their personal growth,” he said.
Dan Anconina, CISO at XM Cyber, said that while changing companies typically brings the biggest salary increases, there are several strategies CISOs can use to grow within their current organization and still enhance their compensation.
Taking on additional responsibilities — such as overseeing IT or privacy functions — can increase their value within the organization.
“Expanding your role to manage other key functions justifies higher compensation,” Anconina said.
Driving innovation is another critical path to growth. By leading initiatives in areas like AI security, generative AI governance, or large language model (LLM) security, CISOs can showcase leadership and forward-thinking.
“Introducing new technologies shows leadership, which can lead to salary growth,” Anconina explained.
Additionally, joining leadership and board-level discussions can elevate a CISO’s influence.
“By aiming for roles in strategic decision-making, CISOs can ensure they’re part of discussions that shape the company’s future,” Anconina said.