By Lake Sydney, August 26, 2022, 12:25 p.m.
Pedestrians on the Embarcadero Center in San Francisco, California, seen in March 2022. (Photographer: David Paul Morris—Bloomberg/Getty Images)
As cyber threats become more prevalent, the demand for cybersecurity talent continues to rise. According to a 2022 Heidrick & Struggles survey of global chief information security officers (CISOs), to attract top cyber talent to the C-suite, companies must now be prepared to shell out compensation packages of nearly a million dollars.
Information security officers are typically the highest-level cybersecurity professional or person responsible for protecting an organization’s data and assets. In 2022, 69% of CISOs in the United States indicated in the survey that the majority of their career had been spent in IT or cybersecurity.
US-based CISOs reported median base compensation of $584,000, a 15% increase over last year. Factoring in bonuses and company equity, their total compensation was $971,000, up 4% from a year ago, according to the survey. By comparison, entry-level cybersecurity workers at top companies like Booz Allen Hamilton earn around $150,000.
Compensation for CISOs continues to rise alongside their value and importance to their organizations, Matt Aiello, Heidrick & Struggles’ global head of cybersecurity practice, told Fortune. Heidrick & Struggles is a Chicago-based international executive search firm that also conducts market research.
“In the past three years alone, the role of CISO has evolved into a more central role, as these leaders take a more holistic approach to the business,” says Aiello. “CISOs are taking on more strategic and risk-related responsibilities, interacting often with the board, and providing a single view of risk to help address cyber threats, a growing concern that has become a priority.”
Additionally, CISOs who had been in their role for less than a year generally saw the largest increases in overall compensation, “no doubt reflecting the heightened competition for top talent across all industries and functions,” according to the study.
The Need for Top Cyber Talent
Between 2013 and 2021, the number of job vacancies in cybersecurity worldwide increased by 350% to 3.5 million, according to Cybersecurity Ventures. Not only is there a need for entry-level workers, but corporate management needs to put more emphasis on protecting cybersecurity and information at the board and C-suite level, Steve Morgan, founder of Cybersecurity Ventures, told Fortune. The CEO at each Fortune 500 enterprise and medium-to-large organization should advocate for cybersecurity experience on their board, he adds.
“It could be the CISO or an outside executive with actual cybersecurity experience,” he says. “Do it now to protect your organization, not after a breach or hack to protect your reputation.”
Last year, only 17% of Fortune 500 companies had board members with this type of experience. By 2025, however, Cybersecurity Ventures predicts that 35% of Fortune 500 companies will have board members with cybersecurity experience.
“Every board should understand cybersecurity and the associated risks,” says Aiello. “Increasingly, boards are considering the value of having a seasoned CISO on the board or access to the expertise the board needs – through advisors – that can help ensure the board views cyber as part of the company’s business strategy, not as an ad-hoc concern.”
Despite increasing salary packages, CISO burnout and stress have plagued many professionals interviewed by Heidrick & Struggles. In fact, 60% of respondents said role stress was the biggest personal risk they faced, with 53% saying the same about burnout. Much of that stress relates to regulatory pressures and the potential for personal liability in the event of cyberattacks, Aiello says.
For companies to attract and retain top CISO talent, beyond high salaries, they need to offer those employees liability insurance to protect them from personal liability, Aiello says.
“CISOs want to have the right protections in terms of severance pay, insurance protections and level of reporting relationship to carry out and fulfill their duty, mitigating the risks associated with the role and personal liability,” he adds.