State of the CISO, 2023–2024:  Benchmark Report is Live

January 17, 2024 | By IANS Research

Tightening budgets, increased breach volumes, advanced AI tools and new SEC mandates - 2024 brings a unique mix of challenges and opportunities for CISOs. Navigating an exceptionally complex landscape, CISOs are having to do more with less and risk personal legal exposure.

The upside? Increased pressure on organizations gives CISOs more leeway to influence business leadership along with an unprecedented opportunity to argue for a place in the executive ranks.

In this piece, we're highlighting findings and guidance from our State of the CISO, 2023–2024 Benchmark Report around conditions impacting the CISO role including the importance of recurring board engagement which enables CISOs make informed decisions to advocate for visibility and level-up their position in the executive ranks.

This edition of the annual survey, jointly fielded with Artico Search, featured objective data from over 660 CISOs regarding roles, compensation, job satisfaction, board engagement and career development.

 

Half of CISOs engage with their board at least quarterly

The new expectations for CISOs flowing from the new SEC rules and heightened accountability require regular and recurring CISO-board collaboration. CISOs indicated a desire for quarterly updates and table-top exercises or just to establish more of a rapport with the board. For half of the respondents, this is the case at their organization. They engage with their board quarterly—even more often when needed.

However, for 25%, board access is limited to just once or twice per year, 12% meets with the board purely on an ad hoc basis and 13% have no board engagement at all.

Even among companies with annual revenue exceeding $10 billion—most of which are publicly listed firms—just 60% of CISOs meet with the board regularly and 21% once per year, at most.

Director-level CISOs are the least likely to have quarterly recurring board engagement (see Figure 1).

 

 

 

CISO job satisfaction declines as consideration of job change rises

This year’s CISO satisfaction ratings, which are a part of the survey data, suggest heightened anxiety among CISOs. Moreover, the data shows that a growing number of CISOs are interested in a job change relative to prior years.

Over a multiyear period, a change in CISO satisfaction is accompanied by an inverse change in the percentage of CISOs considering a job change. Between 2022 and 2023, the share of CISOs satisfied in their job and company fell by 10 points to 64%. Meanwhile, the share that is open to a job change increased by 8 points to 75% (see Figure 2).

 

 

 

CISOs satisfaction increases with board access around budgets and risk

CISO satisfaction with the leadership’s handling of security budget requests drops dramatically in absence of regular and recurring board engagement. Just 28% of those without board engagement are satisfied versus 57% with, at least, infrequent, or ad hoc board contact.

IANS Faculty member and Artico Search partner, Steve Martano elaborates on this trend:

“We see CISO satisfaction positively correlated with access and influence at the board level. CISOs with a strong rapport with their boards feel more valued and, generally, report they are ‘heard,’ even when there are disagreements on budgeting.”


CISO Compensation & Security Budget Benchmark Reports

Each year, IANS, in partnership with Artico Search, conducts a survey of CISOs across the U.S. and Canadas on CISO compensation, security budgets, key security staff compensation and job satisfaction.

The findings from this survey are published in a series of in-depth reports that feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, budget, department and career path.

Download the State of the CISO, 2023–2024 Benchmark Report - the fourth in our 2024 series of reports – for additional insights and data on the evolving CISO role within the security organization.

 

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.


Access time-saving tools and helpful guides from our Faculty.


IANS + Artico Search

State of the CISO, 2023–2024 Benchmark Summary Report

Get New IANS Blog Content
Delivered to Your Inbox

Please provide a business email.