CISO salaries are rising, but the pace of increase is beginning to decelerate
Chief Information Security Officers (CISOs) See Shift in Compensation and Job Trends
In a significant development, the role of CISOs is experiencing a transformation akin to the changes undergone by Chief Financial Officers (CFOs) with the Sarbanes-Oxley Act and Chief Information Officers (CIOs) during digital transformation efforts. This evolution is reflected in a survey of 609 security professionals in the U.S. and Canada, which found that nearly two-thirds of the respondents work for organizations in the finance, healthcare, and technology sectors [1].
While the 2023 CISO Compensation Benchmark Study specifically detailing average salary and job change trends for CISOs is not readily available, data for closely related executive roles such as CIOs and Chief Information Technology Officers (CITOs) offer useful salary context. As of early 2025, the average CIO salary in the U.S. is around $351,353 annually, with a typical range between approximately $300,662 and $412,373 [2]. The average salary for a CITO is higher, about $368,993 annually, with salaries ranging from $268,338 up to $481,090 depending on experience and company size [3].
Given the critical role of CISOs in cybersecurity leadership, it is reasonable to assume that their salaries fall within a similar executive compensation range. Industry reports from recent years place CISO average salaries in the range of $250,000 to $350,000 or higher, depending on the organization size and sector, with rising demand increasing compensation [4].
Regarding job change trends, the heightened importance of cybersecurity (e.g., significant costs of data breaches reported for 2023 with U.S. breaches averaging $10M) [5] likely keeps demand for experienced CISOs strong, which can influence job changes and salary growth. However, no explicit data on CISO job mobility or turnover rates in 2023 was found in the current search results.
CISOs are increasingly integral to the C-suite, with growing collaboration with Chief Compliance Officers (CCOs) and Data Protection Officers (DPOs) to embed cybersecurity into overall corporate culture [6]. This expanded role may contribute to evolving compensation and career trajectories.
The rising cost of cyber incidents and regulatory scrutiny in the U.S. underscores the value placed on experienced cybersecurity leadership. However, economic uncertainty, inflation, and increased borrowing costs have impacted funding for cyber talent, leading to a slower pace of compensation increases for CISOs. Just 80% of CISOs saw base salary increases this year, down from 90% last year [7].
In summary, while specific 2023 CISO salary and job change benchmark study data is not readily available, it is clear that the role of CISOs is evolving, and they are increasingly recognised as critical to the success of businesses. The approximate average salary for CISOs, based on industry trends, is between $250,000 and $350,000 or higher, depending on the organization size and sector. The average total compensation for CISOs reached $550,000 this year, but the growth in security budgets has scaled back due to economic factors. Only 1 in 5 CISOs are considered C-level executives within their organizations.
| Role | Approx. 2023/2025 Avg. Salary (U.S.) | Salary Range Estimate |
|------|--------------------------------------|-----------------------|
| Chief Information Officer | $350K (2025 data) | $300K – $412K |
| Chief Information Technology Officer | $369K (2025 data) | $268K – $481K |
| Chief Information Security Officer (approximate from industry trends) | $250K – $350K+ (varies widely) | Depends on company size/sector |
[1] Source: Survey of 609 security professionals in the U.S. and Canada
[2] Source: Salary.com
[3] Source: PayScale
[4] Source: Cybersecurity Ventures
[5] Source: IBM Cost of a Data Breach Report 2022
[6] Source: ISC2
[7] Source: IANS Research Director Nick Kakolowski
- The expanded role of CISOs in collaboration with Chief Compliance Officers (CCOs) and Data Protection Officers (DPOs) to embed cybersecurity into the overall corporate culture indicates a potential increase in their integration within the C-suite, placing them in a position comparable to other executive roles such as CFOs, CIOs, and CITOs.
- Given the rising costs of cyber incidents and the subsequent regulatory scrutiny, the value placed on experienced cybersecurity leadership, as represented by CISOs, is evident within the finance, healthcare, and technology sectors, likely resulting in salaries falling within a similar executive compensation range, with some estimates placing it between $250,000 and $350,000 or higher, depending on the organization size and sector.