CISO Market Cools: Report Reveals Trends in Demand and Compensation

A new report from IANS Research and Artico Search reveals that CISO compensation remains strong despite the 2024 market slowdown. Despite a quieter market, top cybersecurity leaders continue to command competitive packages, especially in high-paying sectors like tech and financial services, as organizations prepare for evolving security challenges. Let’s take a closer look!

November 21, 2024 – Following an active market for CISOs in 2021 and 2022, the demand for top security talent softened in 2023 and remained calm through the first half of 2024. During that period, many companies tightened budgets and adopted more cautious hiring practices, resulting in a quieter market with reduced CISO rotation and fewer aggressive counteroffers, according to a recent report from IANS and Artico Search. To find out how these conditions impacted compensation for CISOs, the companies conducted their fifth annual CISO Compensation and Budget Research Study. The report found that the past 12 months have been quiet in terms of CISO rotation. In the 2024 survey, 11 percent of respondents changed employers, similar to the CISO turnover rate of 12 percent for 2023 and in stark contrast to 2022, when 21 percent of respondents made a job switch.

The IANS and Artico Search report found that this year’s average merit increase for base salary is 5.6 percent. While this is similar to last year, increases for bonuses, equity and total compensation are down. The average total compensation increase stands at 6.3 percent, which is about a point below the 2023 average total comp increase. “People have asked about salary depression in the security function, but we see no evidence of it,” said Steve Martano, partner, cyber security practice, at Artico Search. “We are seeing modest increases, mostly merit increases, as CISOs are not changing jobs in large numbers like we’ve seen in previous years. Although the market is improving quarter after quarter, we are far from the previous environment in which CISOs regularly entertained multiple offers and counteroffers.”

“CISOs are navigating a tepid hiring market fueled by tight corporate budgets for much of 2024,” said Nick Kakolowski, senior research director at IANS. “While the data shows that the market has cooled, the continued evolution of the cybersecurity landscape has created a dynamic in which CISOs with vast and diverse experience are continuing to see substantial rewards.”

“With the increases in CISO scope, additional complexity of the threat environment and continued regulatory scrutiny, we’re seeing CISO compensation continue its upwards trajectory,” said Mr. Martano. “We are starting to see early signs of recovery in the second half of 2024, with growing security budgets and increased demand for top talent as organizations prepare for new challenges in the evolving threat landscape.”

Despite lower turnover, employers continue to offer incentives for CISOs to switch, according to the IANS and Artico report. For 70 percent of CISOs, their latest comp increase was primarily based on merit. That leaves 30 percent of CISOs who indicated their wages grew for other reasons. The largest average increases are linked to an employer change or a retention incentive/counteroffer, in each case resulting in a 31 percent average boost to total compensation. This is followed by a promotion, one-time bonus and a change in scope of responsibilities.

Incentives for Job Switching and Retention

Comparing the composition of various comp increases, the report found that cash (base salary and bonus) makes up the largest share of merit increases and raises attached to a promotion, unlike switching and retention incentives that rely heavily on equity. The three-year trend for CISOs who reported that changing employers or retention incentives were the primary drivers of their compensation increases reinforces the relative calm in the market observed in the CISO movement data presented earlier in the report. The average size of pay increases related to employer change and retention incentives was impacted less over the same period. In 2022, CISOs reported a total comp boost of 37 percent for changing employers and a 19 percent increase associated with retention offers, versus 31 percent and 31 percent in 2024, respectively.


“In today’s environment of cash preservation, we’re seeing companies utilize equity more often than cash as a negotiation and retention tool,” said Mr. Martano. “Public companies are using equity to entice new security leaders and to retain them; privately held companies similarly leverage equity-rich packages to preserve EBITDA in preparation for a transaction.”

Differences in Pay By Gender

The IANS and Artico report also explored the impact of gender on compensation levels, revealing a notable gender gap, especially when comparing CISOs of opposite genders at the same organizational level. In the study’s sample of U.S.-based CISOs, 89 percent identify as male and 10 percent as female. While the overall difference in cash and total compensation between male and female CISOs is minimal, a comparison at the director level shows a significant gap. Female director-level CISOs earn more, with the difference exceeding $150,000. At the VP-level, female CISOs also receive higher comp, although the gap narrows to $40,000.




“Security organizations remain male dominated, so many CISOs are making a concerted effort to identify and uplift high-performing women, particularly those with technical backgrounds and burgeoning business skills,” said Mr. Martano.

Compensation Differs Across Sectors, Geographies, Experience and Org Levels

Over the past five years, financial services and tech firms have consistently ranked among the top three industries for CISO total compensation, and this year is no exception, the IANS and Artico report found. Tech CISOs lead with an average total compensation of $721,000, of which $407,000 (56 percent) is cash compensation. For the healthcare sector, the report differentiated between hospitals/clinics and healthcare companies (healthcare operations, healthcare services, health tech, health insurance, healthcare financial, medical devices and pharmaceuticals). “The different business models and ownership types between these groups significantly impact CISO compensation levels,” the report said. “Healthcare CISOs generally receive higher cash compensation and equity packages compared to their counterparts in hospitals or clinics.”

The IANS and Artico report notes that the median compensation values for most sectors are close to the overall median, indicating consistency in mid-level compensation across industries. That said, consumer goods and services stands out as a sector with a median value that is 26 percent higher than the overall average, suggesting fewer low earners in this sector.

“The financial services sector and tech sector are known for paying leaders in the top-quartile,” Mr. Martano said. “This is validated in our data, where we see the top 25 percent and top 10 percent values in the tech and financial services sectors are at least 25 percent higher than the overall top 10 percent. We also see financial services with more cash-heavy packages compared to the equity-rich packages found in the tech sector.”


Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, Executive Editor – Hunt Scanlon Media
