CISO Security Leadership Survey Results

INTRODUCTION

This 2023 CISO Survey Report, published by Hitch Partners, represents 2022 findings from our firm’s sixth survey. The intention is to capture trends for compensation, reporting structure, and executive protection within the Security Leadership community.

Our data shows the role of the CISO strikes a strong balance between protecting information assets and narrating the company’s risk posture. As attacks against critical applications and infrastructure increased this past year, top-notch CISOs are more coveted and continue to be well compensated.

We are an executive search firm focused on creating advocacy as well as providing valuable, actionable insights to the CISO community we serve.   We welcome your feedback on this data set, including recommendations on topics to cover in future surveys.

METHODOLOGY

We compiled the results contained within this report based upon survey participation from 650+ U.S.-based information security leaders, representing 12,700+ years of experience from various companies, agencies, and associations. 

We define the “CISO” as the information security leader at an organization who is primarily accountable for the strategy, orchestration, execution, and deployment of the information security program. Common titles for these leaders include Chief Information Security Officer (CISO), Chief Security Officer (CSO), Head of Security, VP of Security, and VP of Information Security. For the purpose of this report, these titles will be referenced as “CISO”.

The data that follows is based on voluntary respondents and does not represent the entire population of CISOs in the market.

SURVEY DATASET

SUMMARY FINDINGS

In 2022, nearly every component of the CISO's world continued to evolve and expand. CISOs were responsible for addressing an ever-expanding attack surface and growing complexity in the threat landscape, and were called upon to translate risk as well as narrate the organization’s security posture to both internal and external stakeholders.

  • Compensation: While overall stock market indexes declined significantly in 2022, CISOs’ average total compensation was not as significantly impacted as the Nasdaq (-33.1%) or the S&P (-19.9%).

    • Privately Held Company CISOs Avg Total Compensation: Decreased by 3.9% from $654,034 to $628,229 (due to 14% decrease in equity value).

    • Publicly Traded Company CISOs Avg Total Compensation: Decreased by 3.3% from $799,835 to $772,902 (due to 12% decrease in equity value).

  • Presenting to the BoD: The vast majority of today’s CISOs (85% among Privately Held Companies and 88% among Publicly Traded Companies) report to the BoD on a regular basis, and the trend is growing. 38% of CISOs at Privately Held Companies report to the Board on at least a quarterly basis, with 57% of their counterparts at Publicly Traded Companies doing the same.

  • Average Tenure of CISOs amongst survey participants in their current role: Privately Held Companies: 37 months; Publicly Traded Companies: 46 months.

  • Security Teams Operating in a Hybrid vs Remote vs In-Office Model: Privately Held Companies had 61% of security team members operating in a hybrid model, 36% fully remote, and 3% solely in-office. In contrast, Publicly Traded Companies had 69% of their security team members operating in a hybrid setup, 26% remote, and 5% exclusively in the office.

  • Reporting Structure: Reporting structure for the CISO continues to be a nuanced decision. In Privately Held Companies, more than half of CISOs report to the CEO or Sr. Engineering Leaders, while in Publicly Traded Companies, more than half of the CISOs report to the CIO or Sr. Engineering Leader.

  • Scope of the CISO: In addition to owning the organization’s information security program, the CISO’s role in Privately Held Companies is twice as likely to own IT vs. Publicly Traded Companies.

  • Security-Related Spending: The majority of CISOs report they would prioritize building the team with additional funding.

  • Diversity, Equality, Inclusion, and Belonging: The lack of diversity within the security industry continues to be a significant challenge. The survey results indicate a decrease in the implementation of DEIB plans, from 97% to 67% in Privately Held Companies and 94% to 85% in Publicly Traded Companies. Hitch Partners believes focused efforts are needed to address this gap.

* Total compensation consists of base salary, estimated bonus, and estimated equity. All reported equity values are the estimated value at the time of reporting.

ADDITIONAL INFO

Hitch Partners would like to extend our gratitude to all the CISOs who participated in our sixth Annual CISO Compensation Survey. We are always striving to improve our reports and surveys. Please share your feedback on what you found useful, what was not helpful, and any suggestions for topics to cover in future surveys.

Special thanks to our Data Science department who worked to compile, analyze, and present the figures you’re enjoying. Our Data Science team has followed a methodology to anonymize responses (i.e., permanently scrubbing data of identifying information such as name, email address, and company) before the responses gathered are used to conduct analysis and prior to transmission to the Data Analysis platform (Tableau) used for this survey.

If you are interested in contributing to next year's CISO survey, please join the Hitch Partners Network.

All rights reserved. No part of the contents hereof may be reproduced or shared in any form without the prior written consent of Hitch Partners LLC.  All data received from participants will be treated as strictly confidential and will not be sold or used for advertising purposes whatsoever.


Average Annual CISO Compensation

FINDINGS:

  • Average cash compensation (base + bonus) for Privately Held Company CISOs increased by 2.2% (from $398,491 to $407,364)

  • Average cash compensation (base + bonus) for Publicly Traded Company CISOs increased by 3.3% (from $456,068 to $471,413).


Average CISO Compensation by Industry


CISO Compensation Protection Trends

One of the key trends we have been tracking is how CISOs are being protected when circumstances are out of their control. 

Below are three items commonly included in CISO compensation packages.


Reporting to the Board


Average CISO Team Size


Average Tenure of a CISO


Acceptance of Remote Teams

FINDINGS

Remote work environments continue to be more prevalent in the Security sector than in other sectors of the workplace. The need to maintain high technical standards for application and corporate security, while also seeking the best talent without geographical constraints, tends to result in the formation of a distributed team as a foreseeable consequence. While remote work remains robust in the security sector, other industries are seeing a return-to-office trend in 2023.


Reporting Structure


The CISO Scope

In addition to leading the organization’s information security program, the CISO’s scope may include:


Security Related Spending

FINDINGS

Determining spending priorities is an integral part of being a CISO.  

  • The CISO's priorities for allocating an increased security budget and assessing the effectiveness of expenditures are consistent for both privately held and publicly traded companies.  

  • However, there is a difference between the two segments in terms of the primary drivers of spending for CISOs. When asked to identify the top three drivers of spending, Privately Held Companies tend to prioritize costs related to regulatory compliance, followed by responding to the evolving threat landscape, while Publicly Traded Companies typically cite the evolving threat landscape as the top cause of spending, followed by regulatory compliance costs.

  • This data aligns with the progression of a modern security program. In the initial stages, the emphasis is on building the regulatory framework to establish confidence in the business environment. Subsequently, the focus shifts to safeguarding the company against emerging threats.


Diversity, Equity, Inclusion, and Belonging (DEIB)

Diversity Within Hitch Partners Security Network


Does Your Organization Have a Plan in Place to Increase DEIB?

FINDINGS

Diversity, Equity, Inclusion, and Belonging continues to be an important part of Hitch Partners’ passion when seeking to help fill a Security Leadership role. Our survey data was consistent with a recently reported reduction in DEIB plans.


At Hitch Partners, we stay maniacally focused on keeping the CISO community we serve, as well as our Client Partners, informed with clear, actionable insights & data.

- - - -

No Hype, No Sizzle, Just Substance