Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
For CISOs, building and refining the cybersecurity organization is an ongoing responsibility and includes the timing of new functional leadership hires of the caliber befitting of their security agenda. Challenges are common for CISOs making org and staffing
decisions for a dynamic organization influenced by market conditions, growth objectives, acquisition strategies and regulatory changes.
In this piece, we're highlighting findings from our 2023 Security Organization and Compensation Benchmark Report around security org design across different revenue milestones to help CISOs make more informed decisions about hiring for key functional leadership roles.
This edition of the annual survey, jointly fielded with Artico Search, featured objective data from over 660 CISOs on org design and compensation for seven—dedicated and full-time—security
functional leader roles, one level down from the CISO.
In general, there is a positive correlation between revenue size of the overall organization and size and complexity of the cybersecurity organization.
Survey respondents were grouped by the size of their company which identified common elements of their security teams and org structure. That resulted in three distinct org designs, each with a corresponding annual revenue range, as laid out in Figure
Differences in organizational design appear at various stages of growth—measured in annual revenue and focused on the management layer of the cybersecurity organization that reports to the CISO. The org charts below are based on survey responses
from 660 CISOs about leadership positions in their management teams (see Figure 2).
An industry-agnostic cybersecurity management org chart shows that:
Understand what top security talent costs vs. your budget
We encourage CISOs to use the combination of org designs and comp benchmarks so that as they identify key roles they need to fill as their organization matures, they can quickly assess budget implications.
Steve Martano, partner in Artico Search advises that: "When going to market to fill a key leadership position, CISOs should know how much highly regarded top talent costs. They can then make informed decisions regarding trade-offs between comp and experience/skill
Understand the company’s strategic direction
In addition, CISOs need to be forward-thinking in considering the strategic direction of the wider organization. This includes discussions in the boardroom and having a pulse on leadership’s strategy related to company organic growth plans and acquisitions.
Research-backed data like this is not only helpful for CISOs to use it as input into their org design and hiring decisions but also in benchmarking how their security org structure compares to their industry peers.
Each year, IANS, in partnership with Artico Search, conducts a survey of CISOs across the U.S. and Canadas on CISO compensation, security budgets, key security staff compensation and job satisfaction.
The findings from this survey are published in a series of in-depth reports that feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, budget, department and career path.
Download our 2023 Security Organization and Compensation Benchmark Report - the third in our 2023 series of reports – for additional insights and data for functional leaders within the security organization.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
November 30, 2023
By IANS Research
CISOs, find guidance on what to focus on within the first 30 days, 6 months and first year of your tenure to ensure a fast, successful start.
November 28, 2023
Use this checklist of best practices, designed to help CISOs and cybersecurity leaders protect their organizations and avoid SEC compliance missteps.
November 21, 2023
Access key data sets from the 2023 edition of IANS and Artico Search’s Security Organization and Compensation Benchmark Report. Gain valuable insights on functional leadership compensation to hire and retain top security talent.