Skip to content

Photo by iStock

More Money for More Problems: CISO Compensation Rises 6.7 Percent in 2025

By Claire Meyer
14 November 2025

Today in Security

Cybersecurity leadership remains a top priority for businesses, as demonstrated with increasingly large chief information security officer (CISO) compensation packages, according to the sixth annual CISO Compensation Benchmark Report from IANS and Artico Search. As CISOs’ scope of responsibilities grows, though, their compensation needs to keep up in order to stave off overwork and burnout, the report cautioned.

The report—based on compensation data from more than 550 CISOs in the United States and Canada—found that overall CISO compensation grew by an average of 6.7 percent in 2025, while security budget growth slowed to only 4 percent growth, a five-year low. Staffing growth in security dropped from 12 percent in 2024 to 7 percent in 2025.   

“CISOs have firmly established themselves as business leaders, not just security operators,” said Nick Kakolowski, senior research director at IANS, in a press release. “Their pay stability this year reinforces how indispensable cybersecurity leadership has become to enterprise risk oversight, even when many organizations are tightening budgets.”

The growth contrasts strongly with overall labor market trends, where many companies are pulling back on investment and hiring. The report posits that CISO compensation is shielded from these changes because of the high priority companies place on cybersecurity, the expanding and sophisticated threat landscape, and the new risks brought by artificial intelligence (AI).

But compensation can vary widely based on responsibilities, organization, and experience. The top 1 percent of CISOs earn more than $3.2 million in total compensation (salary and equity-based compensation), which is roughly 10 times the median compensation and 20 times the bottom 10 percent.

Overall, compensation typically falls between $250,000 and $700,000. Technology companies offer the highest total compensation packages, followed by financial services and retail.

The variability reflects equity package sizes as well as organization size—compensation for CISOs at Fortune 100 companies far exceeded reported averages, the report found. CISOs overseeing teams of more than 100 staff and budgets of more than $50 million typically earn in the top quartile. Plus, experience matters significantly; CISOs with at least eight years of experience, preferably across multiple companies or industries, often earn 100 percent more than peers with shorter tenures or less varied backgrounds.

It's easier to switch jobs now, with increased mobility for CISOs. The report found that 15 percent of CISOs changed employers this year, up from 11 percent in 2024. They didn’t always change jobs for the money, though—half of them moved without a raise. Among CISOs who stayed, 82 percent said their compensation increased year-over-year due to higher bonuses and larger equity packages.

CISOs who stayed took on more scope, often with higher pay. More than half of CISOs said their scope of responsibilities increased this year at the same job.

“Notably, CISOs who were financially rewarded for taking on more responsibilities are more likely to report that their workload is manageable,” the report said. “Among those who received both expanded scope and raises of 10 percent or higher, 56 percent said their scope of responsibilities is manageable, compared to just 29 percent of CISOs who experienced scope creep with no associated pay increase. That’s a warning sign for employers aiming to maintain stability in their security leadership.”

Compensation mixes are changing, though, in the face of overall compensation growth slowdowns. Base salary growth slowed to 4.8 percent this year from 5.7 percent in 2024.

“It appears that, at the macro-level, employers are turning to equity distributions to strengthen retention and hiring incentives, rather than competing with large raises in cash compensation,” the report said.

CISOs are increasingly receiving executive-level perks, though, reflecting the importance of their role. More than 50 percent of CISOs are now covered by Directors and Officers (D&O) insurance—up from 40 percent in 2024—reflecting the heightened legal and reputational risk that CISOs face.

Non-financial perks, such as access to external counsel, external executive coaching, and severance agreements, are now available to one in five CISOs.

 

Focus on Agentic AI

What is Agentic AI?

How to Use AI Responsibly to Prevent SOC Analyst Burnout

3 Non-Negotiables for CISOs in the Agentic Era

Risk vs. Reward: What Security Leaders Need to Know When Using Agentic AI

Defending Against Online Fraud in the Age of Agentic AI

Best of Security Management

The Other Side of the Looking Glass: Providing Security for Marches and Rallies

Is Your Workplace Toxic? Here's What You Need to Do

Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

What to Add to a Rules of Engagement Document

What is Agentic AI?

How to Make a Weapon Selection When Arming Your Security Team
arrow_upward