Tenure matters, but not as you might suspect. Median total cash compensation dropped among CISOs in their roles five or more years, Heidrick & Struggles found.
More attention to enterprise cybersecurity has raised the visibility of cybersecurity chiefs. Cybersecurity fallouts are heavily documented in financial documents and regulators are raising the bar for security standards and disclosure.
This puts CISOs in the hot seat, spurring the advent of a new breed of executive, one who can master the security requirements while speaking the language of the board to show stakeholders how and why they should care about security.
As Heidrick & Struggles points out, “there is still a very wide disparity between the ‘average CISO’ and the outliers.” This, of course, is influenced by the revenue of the CISO’s company. Greater revenue largely correlates to a greater total compensation.
That said, as the equity markets cool, it could affect compensation for top CISOs, according to the report.
There is a ceiling to CISO compensation. Total cash compensation growth is highest for those CISOs in their role for less than a year — up 40% year over year — but for those in their role five or more years, total cash compensation dropped 3%
With the market eager for technology talent, even at the highest levels, tenured CISOs will see more compensation opportunities outside of their organization. If a CISO is promoted into their role and has a longer tenure, they are more than likely underpaid, the report said.
Get the free daily newsletter read by industry experts
Addressing the causes of burnout requires a top-down approach that better aligns security teams with the rest of the business.
Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Addressing the causes of burnout requires a top-down approach that better aligns security teams with the rest of the business.
Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.
The free newsletter covering the top industry headlines
