Pink Slips To Million Dollar Salaries: Are CISOs Underappreciated Or Overpaid?

The Times They Are A-Changin’ For Chief Information Security Officers

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Aug. 12, 2019

CISOs (chief information security officers) may have been best known for getting thrown under the bus in the aftermath of a data breach. Now they’re making a reputation for themselves as tech’s most wanted, and highest paid. And rightfully so.

It used to be that a cyberattack was a CISO’s worst nightmare, and a sure-fire sign that a pink slip would follow.

In 2019, it’s a fact that every company has been hacked (or will be). Major corporations globally, with the help of law enforcement and private sector cyber defenders, have come to the realization that it’s not the CISO’s fault, and ousting one will only open up another can of worms — namely recruiting a replacement in a highly competitive market that is suffering through a severe workforce shortage.

Instead, CISOs are being heralded for their ability to plan for the worst, and to react calmly, legally, methodically, and swiftly, in response to cyber intrusions.

Some Fortune 500 and Global 2000 corporations are giving their information security head honchos — oftentimes those with military backgrounds — seven-figure pay packages.

One company paid a $3.89 million annual salary to fill its CISO position. The Los Angeles Times reports that big companies are paying big bucks to their top cyber fighters.

Another company paid a $650,000 salary to fill its CISO role in 2012, and this year they bumped the pay up to $2.5 million for a new recruit in the same position.

In 2016, annual CISO compensation in the largest U.S. cities was topping out at between $380,000 and $420,000. Cybersecurity Ventures has observed a gradual uptick of those figures, and we expect to see an increase in the number of organizations that will move the needle to the $500,000 to $1 million range over the next five years.

Cybersecurity Ventures forecasts that 100 percent of large corporations (Fortune 500, Global 2000) globally will have a CISO or equivalent position by 2021 (up from 70 percent in 2018), although many of them will be unfilled due to a lack of experienced candidates.

It’s predicted that there will be 3.5 million unfilled cybersecurity jobs by 2021 — enough to fill 50 NFL stadiums. This is up from a previous estimate of 1 million cybersecurity openings in 2014.

Despite the labor crunch, it’s the smaller number of unfilled CISO positions that poses the greatest cyber risk.

Whether you think CISOs are underappreciated or overpaid, the times are a-changin’, and it’s a good time to be one.

– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
