CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes

Roughly a third of CISOs are dissatisfied with their compensation, according to new data from IANS Research and Artico Search.

The research — "The Compensation, Budget and Satisfaction Benchmark for Tech CISOs, 2023–2024" — was based on nearly 150 interviews with CISOs from tech-sector organizations with annual revenues ranging from less than $100 million to more than $20 billion.

The type of organization, as well as the size, are both contributing factors in how much a CISO is compensated in their role. CISOs at publicly listed firms are usually paid the most ($1 million), with VC-backed tech firms coming in second place ($793,000). CISOs that get paid the least are those who work at tech firms where a majority ownership is in the hands of the founder of the company.

Compensation gets more complex within subsectors in the tech industry, as well as scale, with large variances in pay.

"Similar to other sectors, scale begets complexity, which leads to higher compensation packages for CISOs," the researchers noted in the report. "Not all CISO roles are equal in tech — some are heavily product-centric roles for scaling orgs, while others are responsible for global teams and eight-figure budgets."

Much of the concern that CISOs have stems from the fact that roughly a third (31%) of them did not receive a pay raise. But the researchers noted that hiring slowed last year, which could be a contributing factor. However, the dissatisfaction with compensation, paired with a tumultuous industry where CISOs may take the fall for a cyberattack, is cause for concern for leaders in the cybersecurity industry, according to the researchers.