Average North American CISO pay now $565K, mainly thanks to one weird trick

A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.

(That’s about £426,000, £304,000, and £754,000, respectively.)

The data showed that by far the most effective way to boost your pay was to switch jobs, or at least threaten to, and get a counter offer from your original employer. Both moves bring an average compensation increase of 31 percent. By contrast, just doing your job and getting an annual raise would increase the average compensation by just 6.3 percent, according to data from IANS Research and recruitment firm Artico.

However, at the moment fewer CISOs are considering this route. This fifth annual survey found that staff turnover has nearly halved since the heady days of the 2022s, when 21 percent of those surveyed had moved jobs in the previous 12 months.

“We believe it’s largely a macroeconomic situation,” Nick Kakolowski, senior research director at IANS Research, told The Register.

“It’s a combination of businesses being conservative and waiting for a little bit more stability, and CISOs being conservative and waiting for a little bit more stability. We’re seeing more movement starting in the market, and we expect that to continue. We don’t have a great sense of when it’s going to get back to – or if it’s going to get back to – the tons of movement days of the early 2020s, and post-pandemic, but we expect a much more active year next year.”

If you’re looking for the most lucrative CISO job, the tech industry is the place to go. While average base pay of $407,000 isn’t the highest (financial services bags that prize at $495,000), once you factor in bonuses and equity then tech is the clear winner at $721,000.

“In today’s environment of cash preservation, we’re seeing companies utilize equity more often than cash as a negotiation and retention tool,” explained Steve Martano, cyber recruiter at Artico Search. “Public companies are using equity to entice new security leaders and to retain them, privately held companies similarly leverage equity-rich packages to preserve EBITDA.”

At the other end of the scale is education, where average base pay is $243,000, while hospitals and clinics come in at $334,000. For the first time this category had to be split from the rest of the healthcare industry, because the disparities are so wide – $465,000 was the average for pharma and medical insurers.

Another trick to boost compensation is to go back to the office – at least part-time. The survey found that hybrid or office workers got more than a 6 percent increase in their pay last year. One in five remote workers saw their pay packet stay the same last year, and 45 percent got a less than 5 percent increase.

The rich are also getting richer while the poor are getting poorer. Among the top 10 percent of best-paid CISOs, 23 percent saw their pay rise by over 20 percent. Among the 25 percent of the lowest-paid CISOs, two thirds said their compensation hadn’t changed, or had risen less than five percent.

And as with most jobs in the US, it also matters where you work, Kakolowski opined. California tops the pay scales, unsurprisingly, and CISOs are more than twice as likely to get some form of equity – reflecting the startup culture on the West Coast.

The North East is the second most lucrative place to work, but outside of these two the South East was the most rewarding. Kakolowski cited the financial services groupings around North Carolina, the thriving biotech scene, and Texas’s burgeoning tech sector. Canadian CISOs reported the lowest earnings, but at least they have cheap healthcare to make up for it. ®

READ MORE HERE