October 11, 2023 at 10:43AM
According to a survey of 600 US-based CISOs, the pay gap between top-earning and bottom-earning CISOs is widening, with the highest-paid executives seeing their salaries increase at three times the rate of those in lower positions. The majority of CISOs earn either below $400,000 or above $700,000 annually. Overall, CISO compensation grew 11% YoY, but the growth rate has slowed from the previous year. Despite rising overall, the growth rate of retention bonuses and equity packages has fallen. Compensation packages are one reason why more CISOs are considering job changes, including those in top quartiles.
According to the meeting notes, the gap between the highest-paid and lowest-paid Chief Information Security Officers (CISOs) is widening. The highest-paid CISOs have seen their salaries increase at three times the rate of those at the lower end of the scale. It was found that most CISOs earn either below $400,000 or above $700,000 per year. The majority of CISOs fall within the bracket of earning less than $400,000 annually, with 30 percent earning less than $300,000. On the other hand, one in five CISOs earn above $700,000 per year, and half of these earn more than $1 million annually. Only a small percentage of CISOs fall within the middle pay ranges of $400,000-$700,000.
Total compensation for CISOs is calculated by combining base salary, annual target bonus, and annual equity value. Overall, CISO compensation has grown by 11 percent year-on-year, although the growth rate has slowed compared to the previous year. The growth rate of retention bonuses and equity packages has also decreased compared to the previous year, despite an overall increase. It was noted that 20 percent of CISOs earning above $700,000 did not receive a pay rise this year, double the number compared to the previous year.
The meeting notes also mentioned that an increasing number of CISOs are looking for opportunities at other companies. Around three-quarters of the surveyed CISOs expressed their intention to either definitely or possibly seek a new role, an increase of 8 percent compared to the previous year. While compensation is a factor influencing this trend, even CISOs in the top quartiles are looking elsewhere, primarily due to issues with job progression and work-life balance. The decline in compensation growth this year is attributed to macroeconomic trends, including scaled-back security budgets after heavy spending in the previous two years.
The meeting notes highlighted the sectors that offer higher-than-average compensation packages for CISOs. The finance sector tops the list with an average total compensation package of $728,000, followed by the tech sector with $678,000. The general business services sector also pays above average at $569,000. In contrast, CISOs in the legal sector earn less on average, with a total package of $333,000, mostly in cash rather than including equity value. Healthcare is the only other industry offering a below-average total compensation package.
Despite this decline in compensation growth, Gartner’s latest data shows that most areas of cybersecurity spending saw a year-on-year increase in 2023. The analyst house expects this upward trend to continue into 2024. The meeting notes also indicate that CISOs are taking on larger roles and increased liability within their organizations, but the commensurate compensation increases are not extending to middle and lower quartiles. Consequently, it is expected that CISOs will seek job changes, as evidenced by 75 percent of respondents considering a job change within the next 12 months.