Heidrick & Struggles conducted a survey of 327 CISOs across a range of industries to gain insight into the structure of these roles, who is filling them, and their compensation.
On CISOs at work:
- The majority of those surveyed held a CISO role before beginning their current position. Over half hope to become board members in their next role, and since cybersecurity expertise is critically lacking in many boardrooms, this would be helpful in mitigating the risk posed to businesses.
- Most CIOs become board members and Chief Security Officers.
Heidrick & Struggles' Global CISO Survey 2022
- Most CISOs report to the CIO (38%), followed by the CTO or senior engineering executives (15%). Only 8% report directly to the CEO.
- CISOs present very frequently at a board committee but less frequently to the full board.
Heidrick & Struggles' Global CISO Survey 2022
- The biggest personal risks CISOs experience are job related stress (59%) and burnout (48%). Many aren’t worried they will be held culpable for a breach, but a minority face intense pressure, with 25% worried about losing their job and 11% claiming to face personal financial accountability in the event of an attack.
CISO compensation
- In the US, the median cash compensation for a CISO was $584,000 in 2022, up from $509,000 in 2021 and $473,000 in 2020. When taking equity and other incentives into account, this rises to $971,000. The most well-paid CISOs are located on the US West Coast, where average total compensation stands at $1,652,000.
- Compensation is increasing year on year, but bonuses remain steady. However, equity payouts decreased by 13% between 2021 and 2022, which can be explained by external financial disruption and a number of CISOs opting for the security of cash over equity.
- Newly hired CISOs saw the biggest increase in compensation, while those with 5+ years experience were the worst off. They saw major cuts in everything except base pay.
- In the UK, the median cash compensation has risen to £318,000. But because of a sharp drop in equity of 14% and a 28% fall in bonuses, CISOs in the country saw a 9% drop in total compensation.
Why does this matter for businesses?
- Firms may need to boost their compensation packages to remain competitive and retain talent. 21% of respondents to the survey said they feel underpaid, and the figures show that while base pay is rising, equity and other forms of compensation are falling - especially in the UK.
- Unaddressed high-stress levels could lead to CISOs quitting, so companies need to implement supportive policies to minimise this risk.
- Most urgently, companies are not adequately paying their experienced CISOs - whose overall compensation is dropping by 12% - running the risk of them leaving for another company and taking their expertise with them.