Competition for top information security officials is increasingly fierce as businesses seek to protect themselves from potentially crippling cyber attacks. Recently released compensation data from IANS Research and Artico Search shows a wide pay gap, from small businesses with nascent cybersecurity programs to multinationals with well-established cybersecurity teams. Notably, female CISOs are winning over their male counterparts. Let’s take a look at the latest market information.
January 4, 2022 – Cyber breaches at SolarWinds and Colonial Pipeline underscored the importance of having the right Information Security Officers (CISOs) in place. This, in turn, has led to intense competition to recruit top cybersecurity executives who have seen their market values and salaries skyrocket, according to compensation data recently released by IANS Research and Artico Search. This increase in demand has led to turbulent market conditions and the eagerness of CISOs to understand their market value and how their compensation compares to that of their peers.
The CISO Compensation Benchmark report offers objective and comprehensive data from 458 Information Security Officers (CISOs). It combines survey data with information from Artico Search executives, in particular Mercedes Chatfield-Taylor, co-founder and CEO; Matt Comyns, co-founder and president; and Steve Martano, Artico Search cybernetic practice partner. This combination of data and information provides an in-depth view of CISO compensation in the United States and Canada.
“By combining the many years of hiring and building relationships of our security recruiters with the depth of IANS research, data and analysis, we are able to generate data in time. real for the safety function, ”Martano said. “With so much misinformation available, we went straight to the source for accurate and timely budget and safety function compensation data, which allowed us to extract interesting trends and benchmarking across industries. “
“What matters to the CISO matters to the IANS. Our clients constantly tell us that being able to benchmark against their peers is essential, ”said Nick Kakolowski, IANS Senior Research Director. “We are delighted to be delivering this research – it was especially interesting to learn that female CISOs earn seven percent more than male CISOs. We still have a ton of work to do to build a more gender inclusive industry – only 45 of our respondents identified as women – but it’s great to see some progress on the pay side.
The pay gap for CISOs is wide
The total annual compensation distribution curve shows a large gap between the top and the bottom, with an average of $ 463,000 and a median of $ 342,000. The wide range of total compensation reflects the diversity of the market. It includes CISOs of small businesses in industries with relatively immature cybersecurity agendas, as well as those of multinational Fortune 500 companies in highly regulated industries and an established cybersecurity agenda.
What market trends are contributing to the wide dissemination of CISO compensation? “Business continuity has become a priority over the past 18 months,” said Mr. Martano. “COVID-19, combined with the vast increase in high-profile cyber breaches and ransomware attacks, has forced organizations to rethink and redefine their security agendas. Some companies built programs for the first time, while others improved on existing programs that lacked visibility and resources.
“Before 2021, cybersecurity was increasingly an urgent topic in most meeting rooms,” said Martano. “The advanced attacks, costly public breaches and ransomware events over the past 12-18 months have increased the frequency and depth of these discussions. COVID-19 and the trend of working from home have accelerated the visibility of CISO and the security apparatus, as endpoint security and vulnerability management have come to the fore due to the prevalence of remote working. “
Launch of Artico Search to help businesses create, grow and protect
Former Caldwell Executive Recruiters Mercedes Chatfield-Taylor and Matt Comyns have teamed up to launch Artico Search, a fast-growing search company that harnesses their respective strengths to lead teams that help create and evolve technology companies and protect them from cyber attacks. Serving some of the hottest areas of the research industry, Artico is taking off at full speed. Let’s get into this important new launch.
Public breaches such as SolarWinds and Colonial Pipeline further raised the profile of the CISO, as the boards asked about the preparedness and risk profile for a similar threat event. “This increased attention to cybersecurity has largely led sophisticated companies to attempt to keep their existing CISOs to ensure the continuity of their security programs or to upgrade their programs and / or their leaders to cope with a threat environment. increasingly complex, ”said Martano. “In a tough talent market where demand still far outstrips supply, companies have stepped up incentives, including massive counter-offers and retention packages to keep security leaders they trust. Almost 75% of companies preparing RSSI offers compete with one or more competing offers and / or strong counter-offers from current employers of applicants.
Compensation of dissected CISO
The remuneration of the CISO varies considerably from one sector to another. In the survey sample, CISOs in financial services have the highest total compensation on average at $ 535,000, followed by CISOs in technology and manufacturing. Financial services is a tightly regulated industry and its organizations generally have a low risk profile. While the base salary of $ 274,000 is not well above the overall average, its large target bonus and equity incentive structures mean total compensation for this industry outperforms others.
Tech companies are highly digital and sensitive to disruption. In addition, sub-sectors such as communications are considered critical infrastructure. These are all factors that increase the compensation of the CISO. The above-average total compensation of $ 509,000 for the sample reflects this. It’s also worth noting that tech executives are often enticed by lucrative long-term stock packages that pay off on a successful exit, such as with an initial public offering.
The manufacturing sector includes large defense companies, critical infrastructure and pharmaceutical companies, as well as others with high-stakes security operations, particularly related to the supply chain, Internet of Things and Internet of Things. operational technology. The average total compensation of $ 505,000 is the third highest in the sample.
Canada lags all regions of the United States in total compensation
The report found that CISOs based in the western United States enjoy the highest total compensation. The latter is about 20 percent higher than the average for the Southeastern United States. The remuneration of technology companies in the Western region is pushing up the average. More than a quarter of the sample’s Western US-based CISOs work in the tech industry.
Hunting for e-tech leaders intensifies as risks multiply
With technology came the insatiable – and ruthless – need for talent. Having the right leaders and the right teams in place is now more critical than ever. Cyber technology leaders appear in various forms: Information Security Officer (CISO), Information Risk Management Officer, Information Security Officer (CSO), Vice President of Information Security, Trust Officer, Information Officer (CIO), Chief Technology Officer (CTO) and many more.
These executives are essential, front-line leaders facing increasingly numerous and sophisticated threats. Their job is to secure both the business and its external products and solutions. They report regularly to boards of directors and management committees, are seen as strategic assets to be exploited and increasingly give organizations their competitive advantage. The cost of hiring is on the rise – and that’s good news for the many executive recruiters who are hunting them down for clients around the world. Read now >>
Northeastern US CISOs are not far behind those in the western US in terms of total compensation, with one in three respondents in this region working in the financial services industry, including total compensation is comparable to that of CISOs based in the western United States. The averages for the Northeast region are pulled down by the lowest paid CISOs in the sector.
CISOs in the Southeastern United States have, on average, the lowest total compensation of the four regions in the United States. Other states in this region, such as Alabama, Arkansas, Tennessee, and South Carolina, lower the Southeast region average.
Canada lags behind the American regions in terms of compensation. Average total compensation is about $ 300,000 less than that of the highest paying region of the United States. Canadian CISOs working in financial services are an exception in the Canadian region. Although few in the sample, they report compensation numbers much closer to those of their peers in the financial services industry who work in the Northeast region of the United States.
Women who succeed at the CISO level get a bonus in the market
Filtering pay data by gender reveals that female CISOs earn five percent of their male counterparts for base pay and seven percent for total pay. What explains this difference? Men still dominate the security function, as evidenced by our 88% of men in our sample size: 338 men versus 45 women RSSI
“This gender gap is not unique to CISOs, as there are fewer women in the overall tech leadership suite,” Ms. Chatfield-Taylor said. “The gap is most noticeable in some of the most transformative technology functions, including safety, products and engineering. Women leaders who are successful in these roles receive a bonus pay as almost all companies require diversity in their candidate roster, with CISO research being no exception. This creates an option and an opportunity for female CISOs to increase their compensation by taking on new roles. “
Related: To Improve Diversity, The Recruiting Industry Must Define a New Path
Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, editor-in-chief; and Stephen Sawicki, Editor-in-Chief – Hunt Scanlon Media