Having the right team in place is critical for CISOs to keep pace with the increasing demands of both the business and the wider security landscape. An effective security program depends on securing top talent, and for CISOs, staffing budgets and compensation play a key role in meeting these needs.
Staff and Compensation Claims the Largest Security Budget Share
When it comes to security budget allocation, data from our annual CISO Compensation and Budget Survey showed that staff compensation consumed the largest portion of the total security budget - at 39%.
Looking at security budgets overall, data from our respondents highlight breaches or security incidents at the company as triggers for the largest increases, adding an average of 36% to the budget which emphasizes the importance of sufficient security staffing.
Nick Kakolowski, Senior Director of Research at IANS explains, “anecdotally, we’re just seeing there are so many external forces that are pushing businesses to recognize the importance of security that it’s compelling them to spend more. If they’re hit by a breach themselves, we’re looking at over 30% budget increase on average and 64% increase on staff spend.”
Compensation to Hire Top Cybersecurity Talent
Data from our CISO respondents found that for the seven security leadership roles, the average cash compensation (base salary plus bonus) is $262,000 with a median of $226,000. The average annual total compensation (cash compensation plus equity value) is $301,000 with a median of $245,000.
We used our respondent’s survey data, to compare the overall average with the top 25% and top 10% functional leadership compensation averages. The average top 25% annual cash compensation in the sample, is $426,000, roughly 60% above the $262,000 overall average. Total compensation in the top 25% averages $540,000, nearly 80% higher than the $301,000 average for the entire sample.
To attract and keep top talent with the experience of leading mature cyber program functions, CISOs should focus on paying rates in the top of the compensation scale to gain a recruiting and retention advantage.
Recommendations for Hiring Cybersecurity Leaders
To help hire and mitigate risk from losing security leaders, CISOs are encouraged to take compensation cues from the market. Be prepared to pay more for security leadership and integral team members.
Research-backed data found in this annual report not only provides CISOs with content for how other security leaders are allocating hiring funds, but also serve as a tool to substantiate their requests in the next budget cycle.
CISO Compensation & Security Budget Benchmark Survey
How high will the market drive compensation to hire top cybersecurity talent in 2023? Join hundreds of your fellow CISOs across the U.S. and Canada and take the CISO Compensation and Budget Benchmark Survey.
Survey respondents will receive a series of in-depth reports featuring new takeaways, uncover a wealth of insights and find valuable leadership guidance to fine-tune your current security budget and department, as well as your role and career path.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.