The challenges of 2023 left the role of CISOs relatively insulated, based on findings from a study by IANS and Artico Search.

The recent statistics showed a decrease in the average CISO compensation increment from 14% in the preceding year to 11%. Notably, there was a significant increase in the percentage of CISOs who did not receive any pay raise, surging to 20% from the earlier 10%. The percentage of CISOs who enjoyed higher retention bonuses and equity packages saw a downturn, dropping to 12% from 21% and to 8% from 24%, respectively.

Nick Kakolowski, the Senior Research Director at IANS, commented that even in a rigorous economic scenario, CISOs largely enjoyed compensation hikes. He highlighted that while CISO roles have been expanding and taking on more responsibility, the pay increases haven’t always been proportional, especially for those in the middle and lower market quartiles. This discrepancy could potentially lead to a shift, supported by data showing that 75% of the surveyed CISOs contemplated changing jobs within the next year.

Over the past three years, financial and tech sectors consistently occupied the top spots for CISO compensation. In 2023, CISOs in the financial services sector had an average yearly compensation of $728,000, while those in technology had an average of $678,000. Meanwhile, CISOs in the legal and manufacturing industries received the least, averaging at $550,000. However, the US West Coast continued to be a lucrative location for CISOs, mainly owing to the generous equity packages that pushed the average total compensation to $628,000.

Regarding earnings based on skills, a mere 6% of those surveyed earned between $500,000 and $600,000, with 8% earning between $600,000 and $700,000. In contrast, a majority, about 52%, earned less than $400,000, while 20% earned above $700,000. Significantly, CISOs having a technological orientation in their roles received around 15% more than those aligned more towards business risk management. The premium skill set was a tech foundation combined with expertise in product or application security, with these professionals commanding an average of $700,000.

Amid budgetary constraints affecting recruitment and a hiring freeze, there was a notable decline in job changes with only 12% of CISOs switching roles in the past year, a dip from 21% in 2022.

Steve Martano, an executive recruiter at Artico Search, emphasized the significant portion of security budgets allocated to staff compensation. He pointed out that while CISO compensation has been on an upward trend, the high retention packages and substantial market-adjusted increments observed in recent years are waning. Martano also drew attention to the current job market dynamics and advised CISOs to enhance their market value, suggesting a focus on personal branding, business acumen, and executive presence to make a compelling case for potential employers.