- The median cash compensation for CISOs rose 15% this year, reaching $584,000, up from $509,000 in 2021, according to the CISO survey from executive search firm Heidrick & Struggles released Tuesday. Median total compensation, which factors in long-term incentives, is up too, reaching $971,000 this year from $936,000 last year.
- But there is a dramatic uptick in compensation in the 95th percentile of those surveyed. Total compensation for top CISOs reached almost $4.4 million, of which $1.6 million is cash compensation. Heidrick & Struggles surveyed 327 CISOs for the report.
- There are vast differences across geographies and industries. Median total compensation is highest for CISOs in the technology and telecommunications or financial services sectors. It is also highest for CISOs on the West Coast or in the Mid-Atlantic.
More attention to enterprise cybersecurity has raised the visibility of cybersecurity chiefs. Cybersecurity fallouts are heavily documented in financial documents, and regulators are raising the bar for security standards and disclosure.
This puts CISOs in the hot seat, spurring the advent of a new breed of executive, one who can master the security requirements while speaking the language of the board to show stakeholders how and why they should care about security.
As Heidrick & Struggles points out, "there is still a very wide disparity between the 'average CISO' and the outliers." This, of course, is influenced by the revenue of the CISO's company. Greater revenue largely correlates with greater total compensation.
That said, as the equity markets cool, it could affect compensation for top CISOs, according to the report.
There is a ceiling to CISO compensation. Total cash compensation growth is highest for those CISOs in their role for less than a year — up 40% year over year — but for those in their role five or more years, total cash compensation dropped 3%.
With the market eager for technology talent, even at the highest levels, tenured CISOs will see more compensation opportunities outside of their organization. If a CISO is promoted into their role and has a longer tenure, they are more than likely underpaid, the report said.