Businesses are bumping up security department budgets, leading to escalating salaries for top cybersecurity executives, or CISOs.
In the rapidly evolving world of cybersecurity, the role of the Chief Information Security Officer (CISO) has become increasingly crucial. This role, which demands a blend of technical expertise and business acumen, comes with a commensurate salary range.
According to various studies, high-level cybersecurity professionals, including CISOs, can earn salaries ranging from approximately £130,000 to over £200,000 annually, depending on their specialisation and experience. Technical specialists, such as cybersecurity engineers and penetration testers, often command salaries in this range, with top earners surpassing £200,000 per year[1][5].
On the other hand, cybersecurity professionals with business skills, including governance, risk management and compliance (GRC), and those in executive or security leadership roles, earn strong salaries, generally between £155,000 and £170,000[1]. Their value lies in aligning security with strategic business goals, communicating risks effectively to executives, and driving security investments that support overall business outcomes.
Cybersecurity sales professionals, who blend technical knowledge with sales and business acumen, can earn between £105,000 and £205,000, with performance and quota attainment significantly impacting their total compensation. Top sales performers can earn multi-six-figure incomes, often boosted by commissions and bonuses tied to meeting sales targets[2].
Factors influencing compensation across these roles include level of experience, specialisation, industry sector, geographic location, certifications and skills, performance, and quota attainment[1][2][3][5].
While security is still not seen as a revenue generator by many organisations, which keeps resources stretched, some states have introduced pay transparency laws that require companies to disclose salary and compensation in job postings. This transparency may have contributed to the steady and higher-than-average increase in CISO salaries[4].
Every company wants to attract and retain the best talent it can, and businesses are spending more on security. However, the security function within a company is still often seen as a growing cost centre. Despite the increased spending, CISOs continue to fight against value biases that leave them underpaid.
The Foushee Group's Security and Compliance Compensation Survey found the average salary plus bonus for the highest ranking security officer to be £471,638 annually[6]. Companies often pay more to keep high-tech CISO talent in-house with retention packages and market-adjusted pay raises.
In summary, technical specialists often earn slightly higher salaries at top levels than business-oriented cybersecurity professionals, particularly in hands-on, high-risk technical niches. However, executive and leadership roles that combine business savvy and security expertise also command competitive salaries, reflecting their role at the intersection of technology and business strategy. Compensation in sales roles can exceed both categories for top performers due to commission structures.
Cybersecurity has emerged as a top business risk for organisations worldwide, and the CISO's role now has a higher profile and gives security professionals a seat at the table with the rest of leadership[7]. With the increasing workload and responsibilities of CISOs creating a burnout problem, it is crucial that companies recognise the value of their CISOs and compensate them accordingly.
References:
[1] Cybersecurity Jobs Report 2020. (2020). Cybersecurity Ventures. Retrieved from https://cybersecurityventures.com/jobs/cybersecurity-jobs-report-2020/
[2] Cybersecurity Salaries: A Comprehensive Guide. (2021). Cybersecurity Hub. Retrieved from https://cybersecurityhub.com/cybersecurity-salaries/
[3] Cybersecurity Salaries: What You Can Expect to Earn. (2021). Cybersecurity Degrees. Retrieved from https://www.cybersecuritydegrees.org/cybersecurity-salary/
[4] The Rise of the CISO: A Look at the Evolution of the Role. (2021). Cybersecurity Insiders. Retrieved from https://cybersecurityinsiders.com/the-rise-of-the-ciso-a-look-at-the-evolution-of-the-role/
[5] The State of Cybersecurity in 2021. (2021). Cybersecurity Ventures. Retrieved from https://cybersecurityventures.com/state-of-cybersecurity/
[6] The Foushee Group's Security and Compliance Compensation Survey. (2021). The Foushee Group. Retrieved from https://www.fousheegroup.com/security-and-compliance-compensation-survey/
[7] The Role of the CISO in Cybersecurity: A Comprehensive Guide. (2021). Cybersecurity Hub. Retrieved from https://cybersecurityhub.com/ciso/
- The salary range for high-level cybersecurity professionals, such as CISOs, can reach over £200,000 annually, while technical specialists like cybersecurity engineers and penetration testers might also exceed £200,000, depending on their specialisation and experience.
- Cybersecurity professionals with business skills, including governance, risk management and compliance (GRC), and those in executive or security leadership roles, typically earn between £155,000 and £170,000 yearly.
- Sales roles in cybersecurity can exceed both technical and business-oriented professionals' salaries, with top performers earning multi-six-figure incomes, often augmented by commissions and bonuses.
- Compensation in the field of information security (infosec) is influenced by various factors such as level of experience, specialisation, industry sector, geographic location, certifications, performance, quota attainment and, in some cases, pay transparency laws.