Businesses' increasing demands on security prompt exploration of CISO remuneration trends
In the rapidly changing digital landscape, the role of the Chief Information Security Officer (CISO) has grown exponentially. As cybersecurity becomes a top business risk for companies worldwide, the importance of a robust and effective security function has never been greater.
John Bambenek, President at Bambenek Consulting, noted that pay transparency allows CISOs to see their worth more easily, a reflection of the growing recognition of their critical role within a company. This transparency has been a catalyst for the blossoming of the security function, giving security professionals a higher role and a seat at the table with the rest of leadership.
According to various reports, the current average total compensation (salary plus bonuses and incentives) for a CISO in the United States in 2025 ranges from approximately $270,000 to $580,000, with some top CISOs earning over $1 million annually when including equity and performance bonuses.
Salary.com reports an average CISO salary of about $341,265, ranging from $248,049 to $457,061. Glassdoor lists an average base salary of around $178,125, but total median compensation including bonuses averages $270,077. PayScale shows an average CISO salary of $181,058, with the highest reported pay around $246,000.
CISOs with expertise in AI, cloud, and zero-trust architectures may see total compensation reach $600,000–$700,000 or higher; top performers may exceed $1 million. In comparison to other related executive roles, the average Chief Information Technology Officer (CITO) salary is somewhat higher, about $369,000 base, with total pay also elevated due to bonuses and equity.
Despite the significant compensation, CISOs continue to face value biases that leave them underpaid, as security is not yet seen as a revenue generator for organizations. However, this is starting to change, with more CISOs being welcomed as full members of the C-suite and enjoying the compensation and perks that come with the status.
In fact, a study by IANS Research and Artico Search found that the majority of CISOs would consider a job change. This could be due to the increasing workload, as being asked to do more is creating a burnout problem for CISOs. To address this issue, companies are paying more to keep high-tech CISO talent in-house with retention packages and market-adjusted pay raises.
Moreover, bonus programs can be more attractive for security professionals as they allow them to share in the successes of the company. Companies pay more to attract and retain the best talent they can, according to Walker.
In recent years, pay transparency laws in several states have required companies to disclose salary and compensation in job postings, which may have contributed to the steady and higher-than-average increase in CISO salaries. As the importance of cybersecurity continues to grow, it is expected that the compensation for CISOs will continue to rise, reflecting the increasing organizational emphasis on cybersecurity leadership given evolving threats and regulatory demands.
- The evolving threats and regulatory demands in the digital landscape have made cybersecurity a top business risk, emphasizing the importance of a robust and effective security function.
- CISOs with expertise in AI, cloud, and zero-trust architectures may see total compensation ranging from $600,000 to $700,000, even exceeding $1 million with bonuses and equity.
- In the rapidly changing digital landscape, pay transparency laws in several states have contributed to the steady increase in CISO salaries, with a majority of CISOs considering job changes due to the elevated workload.
- Companies are implementing retention packages and market-adjusted pay raises to keep high-tech CISO talent in-house, as they understand the value of cybersecurity leadership in the face of evolving threats and regulatory demands.