CISO Pay Rises 7% Despite Slowing Budget Growth

Summary
– CISO compensation in North America grew by an average of 6.7% this year, but the top 1% earn over $3.2 million, which is 10 times the median and 20 times the bottom 10%.
– Budget growth for cybersecurity slowed to 4% this year, the lowest in five years, despite increasing cyber-risks from AI, cloud investments, and a dynamic cybercrime ecosystem.
– CISO mobility increased, with 15% changing employers this year, but those who stayed received an average 8.1% compensation increase compared to 5% for those who switched.
– Many CISOs are prioritizing influence, visibility, and culture over pure compensation, with companies responding by offering them greater strategic roles.
– Most CISOs receive equity (70%) and perks like D&O insurance and executive coaching, with tech and financial services being the highest-paying sectors at $844,000 and $744,000 respectively.

Compensation packages for Chief Information Security Officers (CISOs) across North America saw a notable increase this year, even as budget growth for cybersecurity initiatives slowed. A comprehensive new study reveals that average CISO pay rose by nearly 7%, highlighting the continued demand for experienced security leadership despite tightening financial conditions. This trend underscores the critical role these executives play in guiding organizations through an increasingly complex threat environment.
The survey, which gathered responses from over 560 CISOs in the United States and Canada, found that total compensation, including salary, bonuses, and equity, grew significantly. However, the distribution of earnings is far from uniform. The top one percent of CISOs reported total compensation exceeding $3.2 million, a figure roughly ten times the median and twenty times that of the lowest ten percent. This substantial disparity is largely driven by the size of equity packages and often correlates with the scale of the organization, with leaders at Fortune 100 companies frequently earning well above the reported averages.
While compensation is trending upward, CISOs are encountering new challenges in securing adequate resources. Budget growth for cybersecurity programs slowed to just 4% this year, the lowest rate recorded in the past five years. This comes at a time when organizations face expanding cyber-risks, fueled by greater adoption of artificial intelligence and cloud technologies, which broaden the potential attack surface. A dynamic and well-funded cybercrime ecosystem adds further pressure, making the CISO’s role in advocating for sufficient funding more crucial than ever.
Recent comparisons show a clear deceleration in budget expansion. Last year, cybersecurity budgets grew by 8%, and a larger proportion of CISOs reported increases. This year, fewer than half of the respondents saw their budgets rise, while a growing number reported no increase at all.
The study also highlighted increased mobility among security leaders. Fifteen percent of CISOs changed employers this year, up from 11% the previous year. Interestingly, those who remained with their current organizations often gained expanded responsibilities and received an average compensation increase of 8.1%, compared to a 5% raise for those who switched jobs. Industry experts note that the competition for skilled security leaders remains strong, though priorities are evolving. Many CISOs are now placing greater emphasis on organizational influence, visibility, and corporate culture, not just financial rewards. Forward-thinking companies are responding by integrating their security leaders more deeply into strategic decision-making.
Additional findings show that equity compensation is common, with 70% of CISOs receiving stock options or grants, in some cases accounting for up to half of their total pay. The technology and financial services sectors lead in compensation, offering average packages of $844,000 and $744,000, respectively. Beyond direct pay, the majority of CISOs receive valuable benefits such as Directors and Officers insurance, deferred compensation plans, enhanced health packages, and executive coaching, reflecting the high-stakes nature of their positions.
(Source: Info Security)


