One in five CISOs miss out on pay raise

The CISO role was partially shielded from the macroeconomic challenges of 2023, according to a new research from IANS and Artico Search.

20% of CISOs did not receive a raise

The most recent average CISO total compensation increase was 11%, down from 14% the previous year. This year, 20% of CISOs did not receive a raise, double that of a year ago, while the share of CISOs with bigger retention bonuses and equity packages also declined to 12% (from 21%) and to 8% (from 24%), respectively.

“At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment,” stated Nick Kakolowski, Senior Research Director at IANS. “On closer inspection, we’re seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren’t extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result – something evidenced in 75% of respondents saying they are considering a job change in the next 12 months.”

For the last three years, financial services and technology firms have remained in the top-3 highest paying for total compensation. In 2023, financial services CISOs reported a total annual average compensation of $728,000, with technology CISOs reporting $678,000.

Legal and manufacturing CISOs have the lowest total compensation, averaging $550,000. CISOs working on the US West Coast lead the country with $628,000 in total compensation due to their significantly higher equity packages.

Higher earnings for those with technical skills

Only 6% of respondents earn between $500,000 – $600,00, with 8% between $600,000-$700,000. While 52% earn below $400,000 and 20% earn over $700,000.

CISOs with a tech-leaning background earn approximately 15% higher total compensation than those with a more business risk management background. The highest-paying combination of proven skills is a technical background that includes product security or application security. These CISOs average total compensation of $700,000.

As companies tightened spending on recruiting and froze hiring, there was a steep decline in movement. Only 12% reported changing jobs in the last 12 months, compared to 21% in 2022.

“More than one-third of security budgets are typically dedicated to staff compensation, so when budgets are tightened, it has an effect on CISO compensation. Though we’re still seeing an overall increase in CISO pay, the trends we saw in recent years of high retention packages and large-scale market-adjusted bumps in pay are becoming less common,” stated Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice.

“Additionally, with less movement in the market, we’re seeing fewer CISOs landing large-scale pay increases by changing companies. Until the market opens up with more options, we recommend that CISOs work on their marketability by strengthening their personal brand, elevating their competence in business acumen and their executive presence to position themselves strongly with prospective employers,” added Martano.