Survey: Expanded roles come with greater compensation for cybersecurity leaders

A survey of 805 security executives finds on average they enjoy a salary of $280,000 a year, with some that specialize in areas such as product development making more than half a million dollars a year when working for organizations that generate more than a billion dollars in revenue.

Conducted by IANS Research in collaboration with Artico Search, an executive recruitment firm, the survey also finds that cybersecurity leaders are also expanding their responsibilities, In fact, cybersecurity leaders report that business information security officers (BISOs), chief of staff and heads for privacy, program management and data protection are positions they have the most pressing need to fill, the survey finds.

As the scope of their responsibilities increases, the survey also notes that more cybersecurity leaders are gaining access to boards of directors. Nearly half of cybersecurity leaders (49%) now engage with a board at least once a quarter, the survey finds.

Clearly, the level of compensation being provided aligns with the level of responsibility bestowed, but IANS Research also notes that the rate at which salary increases are being made has slowed in recent years, largely due to more challenging economic times. That may change as the overall state of the economy improves, but most organizations are going to remain cautious until there are more signs of a sustained recovery.

In general, cybersecurity leaders who, in addition to having seen their salaries increase, are going to be happier if they have been also given the authority to affect outcomes. Otherwise, many of them will conclude that there is a high probability of failure, which, if given an opportunity, could result in many of them opting to move on to another organization if the opportunity arises. The report, for example, notes that despite current levels of compensation, a full three quarters (75%) are interested in a job change,

The challenge is that many of the areas they might nominally be responsible for may require working more closely with other C-level executives that, for one reason or another, might not be inclined to be all that cooperative.

As a result, between the level of political acumen required to succeed and the actual volume of increasingly sophisticated threats to the business, it’s little wonder that many cybersecurity leaders are fairly stressed. How they cope with that stress is critical to avoid burning out after a few short years.

On the plus side, the pool of cybersecurity leaders will remain constrained compared to demand, even in the age of artificial intelligence (AI). There are still more open cybersecurity jobs than there are candidates to fill them, and the percentage of cybersecurity professionals that have the management skills needed to become a successful leader is still relatively small. As a result, cybersecurity leaders should be able to command a premium for their skills for many more years to come, assuming, of course, they have the fortitude required to weather a storm that never seems to end.