Client Portal
| Become a Client
Home All Blogs 2025 Large Enterprise CISO Snapshot: Higher Compensation - Lower Satisfaction

2025 Large Enterprise CISO Snapshot: Higher Compensation - Lower Satisfaction

May 29, 2025
Large enterprise CISOs are managing multimillion-dollar security budgets while navigating increasingly complex roles. Despite high compensation many CISOs report low job satisfaction—leading a majority to remain open to new opportunities.
IANS Research

Large enterprise CISOs manage larger security budgets and bigger teams, which provides them with higher compensation packages and more senior reporting lines. But CISO job satisfaction is lacking in this segment, according to the results of our 2025 Compensation and Budget for CISOs in Large Enterprises Benchmark Report, which makes them more open to changing jobs in the next 12 months.

 

Access More Reports: Take the 2025-2026 CISO Comp & Budget Survey

 

Large Enterprise Security Budget Breakdown

CISOs at large enterprises—businesses with annual revenues exceeding $1 billion—allocate the largest share (35%) of their budgets to staff and compensation, according to our most recent benchmark report. (See Figure 1.) As the revenue grows, so do staff and compensation budgets. For instance, large enterprises with more than $20 billion in revenues allocate 38% of their security budget to staff and compensation.

Figure 1 — Large Enterprise Security Budget Breakdown

 

“When discussing seven-figure annual compensation packages, CISO comp structures look more akin to executive compensation packages found in a company’s proxy statement with cash typically maxing out in the $750,000-$900,000 range, regardless of the total annual compensation and equity making up the majority (often vast majority) of multimillion-dollar annual compensation packages,” says Steve Martano, IANS Faculty and partner in Artico Search’s cyber practice.

To analyze CISO compensation within the large enterprise segment, the report relied on self-reported compensation metrics: base salary, annual bonus, and annual equity values. The average total compensation for large enterprise CISOs is $700,000, and compensation increases with revenue with CISOs at $20B+ enterprises averaging $1.1 million in total comp. Total compensation (defined as base salary plus bonus and equity) varies significantly, with the median CISO earning $532,000 and the top 10% earning more than $1.3 million annually. The highest-paid CISOs are responsible for seven- to eight-figure security budgets and oversee teams of more than 200 staff.

Following staff and compensation, off-premises software is the second largest segment of the security budget, accounting for 25% of the funds. Outsourcing consumes 14% of security budgets at large enterprises, while on-premises software consumes 8% of the overall security budget. As the higher revenue ($20B+) organizations are allocating more to staff and compensation, they are putting less towards off-premises software (16%) and outsourcing (9%) and investing more in on-premises software (11%) than those organizations with between $1 billion and $2 billion in revenue.

 

Download: The 2025 Comp and Budget Report for CISOs in Tech

 

Large Enterprise CISO Experience

Large enterprise CISOs bring a lot of experience to the table. On average, these CISOs boast 10 years of role tenure, meaning experience as a CISO across employers, and for some, more than half is with their current employer. And the bigger the company, the more experience the CISO has. (See Figure 2.)

Figure 2 — Large Enterprise CISOs' Background and Experience

According to our findings, most large enterprise CISOs gained experience across multiple companies and multiple industries. For instance, $20+ billion enterprise CISOs are more likely to have multi-company experience in a single sector because these companies have the resources to be more selective when hiring and prioritize sector-specific candidates.

For the majority of CISOs in large enterprises, their executive roles following a career that began in IT infrastructure, architecture, and engineering, development and operations, and/or security and operations. Candidates with compliance backgrounds such as governance, risk management and compliance, and audit/risk assessment are more common among the smaller large enterprises, reflecting the need for a broader range of skills at these companies.

The research also revealed that the larger the company, the more years of experience the CISOs have. For instance, CISOs at $1 billion to $2 billion revenue companies average eight and a half years across employers, while CISOs at $20+ billion organizations average more than 11 years of role tenure, which reflects the fact that experience is critical at Fortune 200-size organizations. These CISOs also stay with current employers longer compared to their peers at smaller companies.

“One of the challenges CISOs face is they have only reported to tech, led technical teams, and managed technical budgets. When elevating an enterprise CISO role, the position is less about technical acumen and more about business risk and business alignment,” says Matt Comyns, co-founder and president at Artico Search. “In some respects, the market is training technical leaders in a way that is mismatched from the aspired job of CISO.”

Lower CISO Job Satisfaction

Large enterprise CISOs might be among the highest paid across industries, yet our report reveals that many CISOs feel stretched too thin, and low job satisfaction keeps them open to new opportunities. (See Figure 3.)

Figure 3 — Large Enterprise CISOs' Satisfaction With Their Job

CISOs were asked to rate their job satisfaction across four key areas: security budget, compensation, board visibility, and career development. The results show that satisfaction with budget received the lowest ratings overall among CISOs in the $1 billion to $2 billion and $5 billion to $20 billion organizations. We expect this reflects frustration at being asked to do too much with not enough resources.

CISOs at higher revenue ($20+ billion) and lower revenue (between $1 billion and $2 billion) organizations also both expressed dissatisfaction with their compensation. CISOs in the $20+ billion segment could experience dissatisfaction with their compensation when comparing it to that of other executive leaders within their organization who receive higher compensation packages. CISOs at the smaller revenue organizations likely are dissatisfied with their compensation when compared to that of the higher-revenue organizations. These CISOs are also the most dissatisfied with their level of visibility and engagement with the board. This group also shows the largest percentage of CISOs considering a job change in the next 12 months.

CISO Compensation & Security Budget Benchmark Reports

Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security organization, security staff compensation, and job satisfaction.

These in-depth reports feature new takeaways, uncover a wealth of insights, and provide valuable leadership guidance to fine-tune your current role, department, and career path.

Download our 2025 Compensation and Budget for CISOs in Large Enterprises Benchmark Report — and gain access to these and other valuable insights and data sets.

Take our CISO Comp and Budget Survey in less than 10 minutes and receive career defining data and other valuable insights and data sets.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.

 

 

 

Subscribe to IANS Blog

Receive a wealth of trending cyber tips and how-tos delivered directly weekly to your inbox.

Please provide a business email.