Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
One of CISOs’ core responsibilities is designing a security organization that supports the needs of the business. The structure of the information security function broadly reflects where
a company is in their security journey which, in turn, is determined by a company’ size and complexity as well as their industry and corresponding cyber maturity.
For CISOs, org design entails decisions about the formation and evolution of their leadership team and the acquisition and retention of leadership talent.
In this piece, we're highlighting findings from our 2022 Security Organization and Compensation Benchmark Report around compensation to help CISOs in their organizational decisions and in talent recruitment.
This edition of the annual survey, jointly fielded with Artico Search, featured objective data from over 520 CISOs on compensation for seven—dedicated and full-time—security functional leader roles,
one level down from the CISO.
Data from our CISO respondents found that for the seven leadership roles, the average cash compensation (base salary plus bonus) is $262,000 with a median of $226,000. The average annual total compensation (cash compensation plus equity value) is $301,000
with a median of $245,000.
The median amounts for both cash comp and total compensation are lower than the averages. The reason is a small share of high earners at the director level or above pull up the entire sample averaging 80% ahead of other staff. The Deputy CISO role has
the highest total annual compensation at $382,000, nearly 30% above average (see Figure 1).
Steve Martano, partner at Artico Search, highlights the specifics of the Deputy CISO role and its high comp relative to other leader roles: “Above-average compensation for the Deputy CISO role stems from the fact that this is a succession planning
role. Further, it is more common at large firms, where compensation is higher than at small firms.”
Effective security programs depend on having the right functional leaders in place to support the demands of the business. Hiring and retaining leaders is often linked to CISO compensation and performance bonuses. It follows that CISOs have not only a
personal incentive to hire and retain top staff but a financial one as well.
Matt Comyns, co-founder and president, and Steve Martano, partner in Artico Search, see four themes dominating the hiring of cyber leadership talent:
We used respondent’s data, to compare the overall average with the top 25% and top 10% functional leadership compensation averages. The average top 25% annual cash compensation in the sample, is $426,000, roughly 60% above the $262,000 overall average.
Total compensation in the top 25% averages $540,000, nearly 80% higher than the $301,000 average for the entire sample.
To attract and keep top talent with the experience of leading mature cyber program functions, CISOs should focus on paying rates in the top quartile comp brackets to gain a recruiting and retention advantage.
Research-backed data like this is not only helpful for CISOs to retain and hire top staff but also in benchmarking how their security org structure compares their industry peers.
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security budgets, key security staff compensation and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, department and career path.
Download our 2022 Security Organization and Compensation Benchmark Report– the third in our series – for additional insights and data for functional leaders
within the security organization.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
September 26, 2023
By IANS Faculty
Access key data sets from the 2023 edition of IANS and Artico Search’s Security Budget Benchmark Report. Gain valuable insights on security budget increases and the drivers behind them.
September 21, 2023
Learn why CISOs Need D&O Liability Insurance Coverage now more than ever along with guidance to help minimize potential cyber liability risk.
September 19, 2023
Discover the diversity of IANS Faculty's real-world expertise. Learn how our faculty members can help you solve your most challenging security issues.