Skip to main content
close search
site logo

How CISO salaries are faring as businesses ask more of security

As CISOs become more welcomed as full members of the C-suite, they are enjoying the compensation and perks that come with the status.

Published March 28, 2024
By Sue Poremba
The words "In God We Trust" are seen on U.S. currency October 14, 2004 in Washington, DC. Alex Wong via Getty Images

Across multiple salary surveys, the highest ranking security officer in an organization will make well into six figures.

The Foushee Group’s Security and Compliance Compensation Survey found the average salary plus bonus is $471,638 annually, with other incentives that, depending on the length of employment, could lead to another $200,000 in compensation benefits. 

“What we’re seeing is that all jobs [among security leaders] are running about 4.1% overall in terms of base salary increases for the year,” said Stephen W. Walker, partner in the Foushée Group, Inc., during a phone interview.

While these increases aren’t significantly higher than those in other industries, in the more than twenty years that Walker’s company has conducted these surveys, security jobs tend to increase above pay-increase trends in other positions because of the development of security positions across all organizations. 

Cyber has emerged as a top business risk for business worldwide, raising the visibility of the security function. Businesses are spending more on security, too, but it's considered a growing cost center.

Today, that gives security professionals have a much higher role within a company and provides them a seat at the table with the rest of leadership. 

“The security function itself has blossomed based on necessity,” said Walker. 

In turn, salaries have followed suit, though they are fixed Walker pointed out. That’s why bonus programs can be more attractive. If the company is doing well, the top security official will share in those successes.

Tech skills vs. business skills

CISOs take different paths to reach their position, but when it comes to salaries, those with high-level tech skills are the best rewarded. 

A CISO with a strong tech background will earn approximately 15% more than those who have a business risk management background, according to an IANS Research and Artico Search study. When technical skills include application security or product security, those CISOs move to the highest levels of compensation, with an average of $700,000 with salary, bonuses and benefits.

Keeping those high-tech CISOs is also a consideration in compensation. Companies will pay more to keep that CISO talent in-house with retention packages and market-adjusted pay raises.

This is proving essential to businesses due to the stress levels CISO face — the majority of those in these security executives would consider a job change, IANS Research and Artico Search found.

Salary transparency makes a difference

In recent years, a number of states introduced pay transparency laws that require companies to disclose salary and compensation in job postings. This may have helped with the steady and higher-than-average increase in CISO salaries.

“People can see easier what they are worth,” said John Bambenek, President at Bambenek Consulting, in an email interview. 

CISOs aren’t blind to the status perks of being part of the C-suite leadership team. For years, they were treated as an adjunct executive or as part of the CIO’s team — and many CISOs continue to report to the CIO, according to an Osterman study. They knew the benefits they were missing.

But now, as CISOs are more welcomed as full members of the C-suite, they are enjoying the compensation and perks that come with the status. 

But salaries can only do so much.

CISOs continue to fight against value biases that leave them underpaid. 

Part of the challenge to pay value is the reality that security is still not seen as a revenue generator for organizations. Leadership tries to stretch more work out of fewer people, said Bambenek. A CISO’s higher salary can be seen as a replacement for more staff.

Being asked to do more is creating a burnout problem for CISOs. Businesses are also holding CISOs responsible for not meeting ever-changing regulatory demands and legal fallout around cyber incident. 

Job satisfaction among CISOs is declining as their job duties continue to change and CISOs abandoning the profession will force organizations to reconsider compensation beyond a salary, one that includes work-life balance. 

“Every company wants to attract and retain the best talent they can,” said Walker. 

Filed Under: Leadership & Careers

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Leadership & Careers
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell