CISO Salary Considerations: The Costs and Rewards of Cybersecurity

      Technology plays a critical role in a variety of industries, which naturally raises concerns about security. It’s no surprise that the Chief Information Security Officer (CISO) has become one of today’s most sought-after and well-compensated tech positions. 

      A CISO’s salary is based on the evolving roles that these professionals play. The following discussion unpacks salary considerations and other important details surrounding this increasingly critical role.

      The Evolving Role of the Chief Information Security Officer 

      One of the primary considerations surrounding CISO salaries is the specific roles that these professionals play within an organization. Companies have to consider more than just external cyber threats — they must also ensure that they comply with an ever-changing set of regulatory issues.

      For these reasons, CISOs often have to play a variety of roles, which can be grouped into several specific types. These include the following:

      Security Leaders

      The most traditional form of CISO is the security leader, whose chief concern is the secure operation of the company. These executives focus on the company’s technical architecture and may also assist with penetration testing or product security.

      Risk/Trust Leaders

      Risk/trust leaders handle a variety of parallel responsibilities. The category of risk includes such roles as governance and compliance, as well as privacy, disaster recovery, and continuity planning. Trust involves physical security, crisis management, and fraud prevention.

      Generalists

      While the above positions are more specialized, there’s a third type of CISO commonly found at mid-sized tech companies. This generalist role takes on an expanded set of responsibilities that often overlap with the areas mentioned above and can be valuable when integrating these tasks into the company’s larger strategy and purpose.

      As might be expected, the generalist role typically takes the largest salary, given the expanded set of professional capabilities. It’s not uncommon for larger companies to offer compensation packages in the seven-figure range, and one company even paid $3.89 million to fill its CISO role.

      But even simpler positions can easily bring a salary range of $380,000 to $420,000, showing how these varied roles occupy places of strategic importance.

      Industry Considerations

      Different industries have different needs, which means that CISO roles can vary according to the required areas of expertise.

      For instance, financial firms often require a CISO oriented around technical issues, with another CISO whose role relates to risk, governance, and regulatory compliance. The same is often true in healthcare, energy, and any other industry that involves a high degree of regulation.

      Larger industries, such as auto manufacturing, often rely on multiple CISOs to handle security at multiple levels of the business. The compensation for these professionals can vary, but the larger the organization, the higher the salary. 

      Additionally, there tends to be a hierarchy in these multi-level organizations, which means that the top CISOs draw a higher salary than those focused on narrow technical issues.

      Professional Backgrounds

      Not surprisingly, 13% of Fortune 500 CISOs had previously served in the U.S. Military, according to data from Cybersecurity Ventures. A military background provides a natural benefit since many of these professionals have experience handling sensitive and technical data for a large organization.

      Companies naturally look for tech professionals who have advanced experience in cybersecurity, risk management, regulatory compliance, and other specialized areas of concern. And because of the relative scarcity of these in-demand capabilities, a CISO’s salary can increase dramatically with a candidate’s background.

      That’s not to say that these technical abilities are the only skills in demand. CISOs typically have to work with other individuals in the company C-suite, such as the CFO or CEO. 

      For this reason, CISOs are often expected to have a set of soft skills that include written and verbal communication, leadership ability, and the ability to help senior leadership think strategically. These skills can easily drive CISO salaries higher and help qualified candidates distinguish themselves during the hiring process.

      CISO Salary Considerations

      How much can a typical chief information security officer expect to make? According to the professional site Salary.com, the average CISO makes $232,753, with actual pay for the role ranging from $203,243 to $268,903.

      But these average ranges don’t tell the whole story. According to Forbes magazine, CISO salaries can easily rise to $420,000 or even more. In fact, many of these salary expectations can be influenced by geography. Here are some of the top CISO salary rates in the top U.S. cities:

      • San Francisco — $421,000
      • New York — $406,000
      • Washington, D.C. — $380,000
      • Los Angeles — $378,000
      • Chicago — $362,000
      • Atlanta — $348,000

      The largest companies in the U.S. are paying seven-figure salaries for top performers. In fact, it’s no longer unusual to hear of companies hiring a CISO for $2.5 million or even more. While these high figures are unusual, they nonetheless show the importance placed on these specialized positions.

      Return on Investment

      The real question, of course, is whether a CISO is worth a salary of this magnitude. It’s important to understand the risks that companies face, as well as the price associated with these risks.

      For example, a data breach can have devastating consequences, costing a company millions of dollars, to say nothing of the negative impact the incident will have on the organization’s public reputation. A major cyber attack can shake investor confidence and leave a company high and dry even after the disaster is addressed.

      This reality means that companies can’t afford not to bring on industry professionals to fill the CISO role. And given the relative shortage of cybersecurity workers, it only makes sense that salary packages reflect the role’s strategic importance and attempt to attract and retain the best and brightest.

      The Right People and the Right Solutions

      The average CISO makes a secure six-figure salary, reflecting the specialized role that this position represents. 

      Businesses of the world increasingly rely on data, which means that success depends on the way this data is managed and protected. Hiring a CISO may seem costly, but the right person can be an insurance policy against costly cyberattacks, and this peace of mind is often worth the price.
