.png?sfvrsn=114ec1e0_2)
Security leaders at large enterprises are navigating a more constrained and complex operating environment, according to new benchmark data from IANS and Artico Search. Based on responses from 355 CISOs at organizations with more than $1 billion in annual revenue, the findings point to a role that continues to expand in scope even as key resources evolve more slowly.
Get The Large Enterprise CISO: A 2026 Benchmark Report on Budgets
Budget Growth Continues, But at a Slower Pace
Security budgets increased in 2025, but growth is moderate compared to the prior year. On average, budgets rose 5%, down from 8% in 2024. At the same time, a significant portion of organizations reported limited or no growth, reinforcing a more uneven funding environment.
Security investment is also shifting in relative terms. While overall IT budgets continue to expand, security budgets are declining as a share of IT spend. AI and other IT infrastructure investments are absorbing a disproportionate share of new IT dollars, reshaping how incremental funding is allocated.
“In large-scale enterprises, small increases in software renewals can add up to large-scale dollars that quickly erode a flat or declining budget.” - Steve Martano, IANS Faculty member and partner at Artico Search
Compensation Reflects Scale and Complexity
Compensation for large enterprise CISOs continues to vary significantly by organizational size. Median cash compensation ranges from the mid-$300K range at smaller large enterprises to well over $600K at the largest organizations. Equity remains a key differentiator, particularly at the highest revenue tiers, where total compensation can reach seven figures for roughly half of CISOs at the largest organizations.
In addition to financial compensation, executive protections and benefits are becoming more common, reflecting the legal exposure associated with the role.
Expanding Scope, Persistent Trade-offs
The data highlights the increasingly broad mandate CISOs are expected to manage. In addition to core security responsibilities, the role now includes substantial cross-functional engagement across executive leadership and the board.
This dual focus—technical leadership and business alignment—requires a meaningful time investment. Cross-functional engagement alone accounts for a notable portion of the weekly workload, reinforcing the shift toward a more strategic, enterprise-facing role.
At the same time, only about half of large enterprise CISOs describe their scope as fully manageable, pointing to ongoing trade-offs between priorities, staffing, and execution.
Career Mobility Remains High
The findings also suggest continued movement within the CISO population. A majority of respondents are considering a move or are undecided about their next step, with interest in new roles increasing at key tenure milestones.
Career ambitions vary by organization size, but broadly reflect a mix of upward mobility, expanded influence, and, at the highest levels, a shift toward governance-oriented roles such as board positions.
“The four-year mark is a critical one for CISOs because, for the most part, the transformation that’s been driven has already happened.” - Matt Comyns, co-founder and president of Artico Search, in the report.
Ongoing Role Evolution
Taken together, the data reveals that the CISO role continues to evolve in both scope and expectations. Budget growth persists but is more constrained, organizational demands are expanding, and career trajectories are becoming more fluid. Download the full report, The Large Enterprise CISO: A 2026 Benchmark Report on Budgets, Compensation, and Scope, to dig into how budget allocation, staffing models, compensation structures, and long-term career paths vary by revenue segment.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.