Average North American CISO pay now $565K, mainly thanks to one weird trick

Best way to boost your package is to leave, or pretend to


A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.

(That's about £426,000, £304,000, and £754,000, respectively.)

The data showed that by far the most effective way to boost your pay was to switch jobs, or at least threaten to, and get a counter offer from your original employer. Both moves bring an average compensation increase of 31 percent. By contrast, just doing your job and getting an annual raise would increase the average compensation by just 6.3 percent, according to data from IANS Research and recruitment firm Artico.

However, at the moment fewer CISOs are considering this route. This fifth annual survey found that staff turnover has nearly halved since the heady days of the 2022s, when 21 percent of those surveyed had moved jobs in the previous 12 months.

"We believe it's largely a macroeconomic situation," Nick Kakolowski, senior research director at IANS Research, told The Register.

"It's a combination of businesses being conservative and waiting for a little bit more stability, and CISOs being conservative and waiting for a little bit more stability. We're seeing more movement starting in the market, and we expect that to continue. We don't have a great sense of when it's going to get back to – or if it's going to get back to – the tons of movement days of the early 2020s, and post-pandemic, but we expect a much more active year next year."

If you're looking for the most lucrative CISO job, the tech industry is the place to go. While average base pay of $407,000 isn't the highest (financial services bags that prize at $495,000), once you factor in bonuses and equity then tech is the clear winner at $721,000.

"In today's environment of cash preservation, we're seeing companies utilize equity more often than cash as a negotiation and retention tool," explained Steve Martano, cyber recruiter at Artico Search. "Public companies are using equity to entice new security leaders and to retain them; privately held companies similarly leverage equity-rich packages to preserve EBITDA."

At the other end of the scale is education, where average base pay is $243,000, while hospitals and clinics come in at $334,000. For the first time this category had to be split from the rest of the healthcare industry, because the disparities are so wide – $465,000 was the average for pharma and medical insurers.

Another trick to boost compensation is to go back to the office – at least part-time. The survey found that hybrid or office workers got more than a 6 percent increase in their pay last year. One in five remote workers saw their pay packet stay the same last year, and 45 percent got an increase of less than 5 percent.

The rich are also getting richer while the poor are getting poorer. Among the top 10 percent of best-paid CISOs, 23 percent saw their pay rise by over 20 percent. Among the 25 percent of the lowest-paid CISOs, two thirds said their compensation hadn't changed, or had risen less than five percent.

And as with most jobs in the US, it also matters where you work, Kakolowski opined. California tops the pay scales, unsurprisingly, and CISOs there are more than twice as likely to get some form of equity – reflecting the startup culture on the West Coast.

The North East is the second most lucrative place to work, but outside of these two the South East was the most rewarding. Kakolowski cited the financial services groupings around North Carolina, the thriving biotech scene, and Texas's burgeoning tech sector. Canadian CISOs reported the lowest earnings, but at least they have cheap healthcare to make up for it. ®
