Expanding the Scope: What's New for the Annual InfoSec Benchmark Survey
2023 marks the fourth edition of our CISO Compensation & Security Budget Benchmark Survey, jointly fielded with executive cyber recruiters at Artico Search. In addition to our annual leadership-focused survey, this year we expanded coverage to include practitioners from all levels across the security function in addition to the BISO (Business Information Security Officer) role.
In this piece, IANS Senior Research Director, Nick Kakolowski and Artico co-founder Steve Martano, discuss the surveys and along with the compelling data and insights that will be a part of this year’s benchmark reports.
1. Why did you initially develop the survey?
Nick: We launched the survey because much of the third-party data out there was not realistic and didn't apply to 90% of the market. We wanted to bridge that gap and find a median that was reflective of the entire CISO and security market from Fortune 1000 to privately held companies across the U.S. and Canada.
Steve: The existing HR compensation data was off as much as 40% and did not match the market. Comparable new compensation bands were needed to help CISOs advocate for not only themselves but also for their security teams. CISOs have reported that our real time, actual market data now enables them to recruit today’s talent much more effectively.
2. Tell us how the surveys and resulting reports have expanded over time.
Nick: In response to CISOs asking for good compensation, staffing and budget data we continue to add greater reporting depth and breadth. We now have garnered enough data and analytics to drive hundreds of report pages with meaningful insights and trends. This is especially true with security budgets and organizations.
This allowed us to expand our original 2020 CISO Compensation and Budget Benchmark Report to eight reports in 2022 encompassing: CISO compensation, security budgets, org structure, CISO satisfaction, hiring/retainment, BISO roles and industry subsectors including narratives and anecdotal data.
3. Expand upon what’s new in this year’s surveys and why individuals should participate.
Nick: The survey continues to be very well received growing from 175 participants in the first year to over 700 projected respondents in 2023. The increase in sample size allowed us to broaden our focus to include cybersecurity staff providing three distinct surveys for specific roles:
- CISO Compensation & Budget Benchmark Survey: Expanded with questions on CISO/board interaction as well as InfoSec organizational best practices.
- NEW: InfoSec Staff Compensation & Career Benchmark Survey: Focused on Security Staff compensation by level, background and experience to gauge the drivers of job and career satisfaction.
- NEW: BISO Compensation & Career Benchmark Survey: Targeting BISOs compensation, scope and rationale as well as overall job satisfaction.
We are really excited to build on what we’ve achieved with the survey and broaden the organizational focus. We expect this year’s findings to allow us to go even deeper with analytics covering critical topics, including:
- Hiring and Retention Guides - to help the HR team recruit, motivate and retain InfoSec professionals. We have the data there as to why they may feel frustrated or isolated to recommend new retention practices.
- CISOs and Board Interaction - will better gauge the level of cyber expertise on boards today to prepare for the upcoming SEC cyber disclosure rules.
- Security Staff Benchmarks - for infosec staff to explore compensation benchmarks for their specific role and level - a big addition this year.
- BISOs Reporting Benchmarks – helps BISOs understand how they compare to their peers along with helping leadership recognize when to add a BISO.
4. What key data points and finding have you found most compelling?
Nick: The value of CISOs having direct reports vs. a solo CISO hired simply for compliance purposes.
An organization is more at-risk to lose their CISO if they feel isolated or underfunded. We see across the board that CISOs consider new opportunities when they feel they are not positioned for success in the organization, whether it’s proper visibility, budgeting, or general organizational support.
Steve: When females elevate to the CISO role, our research tells us they out-earn their male counterparts by 7%.
Many companies require and/or strive to achieve diversity in their slate of candidates—CISO searches being no exception. This created more choices for female CISOs as well as opportunities to increase their compensation by taking on new roles.
5. How have you seen these survey insights benefit CISOs and the security community?
Steve and Nick: When CISOs and security leadership know where they stand compared to their industry peers it’s very empowering. We’ve heard of Fortune 250 CISOs and Fortune 100 CISOs who bring our executive summaries and benchmarks into leadership meetings to justify their budgets and org design. They pull out our data and charts to explain how their companies’ benchmark against industry. The added value of our benchmarks is that they provide peace of mind to InfoSec leaders. It’s very reinforcing to CISOs to learn they are not alone when making decisions about compensation, budgets and org staffing.
Participate in our Annual Benchmark Infosec Study
Want to be the first to receive the latest compensation and career data? Join hundreds of your fellow CISOs and infosec peers across the U.S. and Canada and take this year’s surveys:
- CISO Compensation and Budget Benchmark Survey
- BISO Compensation and Career Benchmark Survey
- Infosec Staff Compensation & Career Benchmark Survey
As a participant, in our survey you’ll be the first to receive a series of in-depth reports featuring current data sets, takeaways, and market-based insights to help you fine-tune your current role, function, and career path.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.