IANS And Artico Map The Rise Of The Million-Dollar CISO

The chief information security officer (CISO) has become one of the most dynamic and high-impact roles in the enterprise. As cybersecurity grows more critical to business operations and board-level risk conversations, a new class of CISOs is emerging – highly paid, deeply embedded in strategic leadership, and increasingly sought after. Evan Berta, an associate at Hunt Scanlon Ventures, explores how compensation, scope, and visibility are reshaping the role.

June 20, 2025 – A highly readable and insightful report that’s just come out, the 2025 State of the CISO Report by IANS and Artico Search, presents a comprehensive analysis of how the CISO role is evolving in today’s enterprise landscape.

Based on survey responses from over 800 CISOs, the report tracks shifts in organizational structure, compensation, boardroom engagement, and career trajectory. It segments the profession into three categories: Strategic, Functional, and Tactical CISOs, based on their access to leadership and strategic influence.

These distinctions help clarify how scope, visibility, and perception impact satisfaction, influence, and pay.

A standout finding: CISOs at companies with over $20 billion in revenue now average $1.1 million in total compensation, with top earners exceeding $1.3 million. That is a far cry from where these executives were just a few years ago.

These executives often manage security budgets of more than $100 million and lead teams of 200+ professionals. This scale reflects not just operational complexity, but an elevation of cybersecurity leadership into true enterprise strategy.

Expanded Scope

All of this marks a distinct shift in the redefinition of the CISO, from cybersecurity leader to enterprise executive. In fact, as the report highlights, “large organizations pay higher compensation to dual CISO/CIOs, with an average annual pay of $1 million and the top quartile starting at $1.5 million.” These hybrid roles place CISOs at the intersection of security, infrastructure, digital transformation, and enterprise risk.

Currently, 15 percent of organizations have adopted a dual CISO/CIO structure, especially among companies with revenues above $1 billion. These positions reverse the traditional structure where IT oversaw security, now placing security at the helm of enterprise technology.

Strategic Visibility

At companies with more than $10 billion in annual revenue, 65 percent of CISOs now engage with the board on a quarterly basis or more. This frequency reflects increasing expectations for CISOs to inform governance and shape enterprise risk strategy.

Yet, the report reveals a critical tension: “Even strategic CISOs who are close to leadership and invited to critical board sessions may find themselves perceived more as technical operators who provide mandatory updates on security maturity models, rather than as thought partners with truly strategic input and impact.”


Rising Importance of CISOs: Navigating Expanded Roles, Strategic Influence, and Compensation Challenges

As the cybersecurity function becomes increasingly integral to organizations, the CISO role continues to grow in importance, complexity and scope of responsibilities. This evolution presents an opportunity for CISOs to expand their strategic influence with top leadership and opens up avenues for professional growth, according to a recent report from IANS and Artico Search. “By effectively navigating these changes, CISOs can elevate their impact and unlock new career paths—and, in many cases, achieve even greater job satisfaction and higher compensation,” the report said.

Most CISOs are experiencing a growing scope of responsibilities, expanding into areas beyond information security, such as business risk, broader security functions, IT and digital transformation. This evolution can be challenging to manage and does not always lead to greater satisfaction with career development. However, when managed effectively, expanded scope can lead to greater executive-level access and visibility, opening new opportunities for career advancement—a welcome prospect for tenured CISOs at large public enterprises who have been asking themselves, “What’s next?”


This disconnect suggests that while CISOs are being invited into board-level conversations, they are not always treated as peers to other C-level executives, limiting their ability to fully influence business decisions.

The Impact of Scope on Pay

The expansion of the CISO’s remit is directly tied to compensation. While nearly all CISOs manage core infosec domains, those with broader responsibilities, ranging from enterprise risk to AI governance, are driving the top end of the compensation spectrum.


The report notes that top earners increasingly manage portfolios that include “AI, M&A security, data governance, comprehensive IT oversight, and digital transformation and innovation.” These areas directly intersect with enterprise growth and performance, increasing the CISO’s exposure to cross-functional leadership.

The payoff is clear. Median total compensation for dual CISO/CIOs is $1.1 million, with the top 10 percent earning over $2.7 million. By contrast, traditional CISOs, those who do not own IT or adjacent business functions, report median compensation of $669,000.

A New Era for Cyber Leadership

As IANS and Artico summarize, “These evolving career trajectories underscore the growing strategic importance of the CISO role and the valuable, multidisciplinary skill set these leaders bring to organizations.”

CISOs are now charting paths not only toward enterprise technology leadership but also into emerging roles like chief trust officer, CRO, and even board director. This evolution signals a broader trend: security leadership is no longer a back-office function; it is a front-line driver of resilience, performance, and trust.

For boards, investors, and executive search firms, these shifts signal a recalibration in how cyber leadership is defined, valued, and recruited. The rise of the million-dollar CISO is not just a compensation story; it’s a strategic signal that security leadership is now business-critical.

Reprinted with permission from ExitUp!

Contributed by Scott A. Scanlon, Co-CEO, Evan Berta, associate – Hunt Scanlon Ventures
