Businesses' increased demand for security prowess is causing a surge in the salaries of Chief Information Security Officers (CISOs).
In the ever-evolving world of cybersecurity, the role of the Chief Information Security Officer (CISO) has become increasingly significant. According to various studies, as of 2025, the average total salary for a CISO in the United States is approximately $341,000 to $342,000 annually, with a range typically between $248,000 and $457,000 depending on experience and location.
The average annual bonus for a CISO is relatively low, around $29, which is roughly 0.01% of the base salary, and only about 5% of CISOs report receiving a bonus each year. However, other compensation such as stock options or equity can significantly increase a CISO's total compensation, particularly in tech hubs like San Jose, CA, where CISOs can earn nearly double the national average total compensation.
When comparing CISOs with a business risk management background versus those with a strong technical background, market trends indicate that CISOs who can manage both risk and technology, often commanding higher compensation due to the breadth of their skills. Larger organizations and those in high-cost locations tend to pay more, favouring CISOs who demonstrate leadership in both business risk and technical depth.
Despite the growing importance and financial investment in the security function, many CISOs are facing challenges such as burnout due to excessive workloads and value biases that leave them underpaid. However, pay transparency laws are helping CISOs to better understand their worth, with some states requiring companies to disclose salary and compensation in job postings.
Job satisfaction among CISOs is declining as their job duties continue to change, and some CISOs are abandoning the profession. Companies are responding by offering retention packages and market-adjusted pay raises to keep high-tech CISO talent in-house.
As the security function continues to evolve, it is becoming more integrated into the overall business strategy, with CISOs enjoying the compensation and perks that come with a seat at the C-suite table. Organizations are being forced to reconsider compensation beyond a salary, including work-life balance, to attract and retain the best talent they can.
Notes:
- The Foushee Group's Security and Compliance Compensation Survey
- IANS Research and Artico Search
- Osterman Research
- Salary.com
- Various industry reports and surveys
Table:
| Compensation Aspect | National Average (US) | New York, NY Example | Notes | |---------------------|----------------------|---------------------|-------| | Base Salary | ~$341,000 | ~$399,000 | Range $248k - $457k (US), $289k - $534k (NY) | | Bonus | ~$29 (0.01% salary) | Not specified | Only 5% report annual bonus | | Total Compensation | Varies up to $470k+ | Up to $533k+ | Higher in tech hubs |
- In the realm of cybersecurity, chief information security officers (CISOs) are expected to earn an annual base salary ranging from $248,000 to $457,000, with New York, NY, offering an example of up to $399,000, according to various studies.
- The role of CISOs within the financial sector or tech hubs such as San Jose, CA can lead to significant increases in total compensation, as indicated by sources like The Foushee Group's Security and Compliance Compensation Survey, IANS Research, Artico Search, Osterman Research, and Salary.com.
- Market trends suggest that CISOs with a combination of risk management, technology, and business skills are more likely to command higher compensation due to the breadth of their expertise, as reported by sources such as Osterman Research.
- Despite the increasing importance of the role and associated financial investments, CISOs often face challenges such as excessive workloads and value biases that result in underpayment. Some states, like Washington, are implementing pay transparency laws, requiring companies to disclose salary and compensation in job postings, as seen with the example of Washington state.
.){kind=link}