Baseball managers watching the playoffs from home aren’t the only pros thinking about changing careers.
There are more unsettled CISOs this year than last, according to an October survey from IANS Research and the exec-search firm Artico Search, as salary and bonus increases—and cybersecurity budgets—have stalled.
One reason for a slight salary standstill: CISOs are mulling more than moving, which prevents a potential pay spike from a new employer seeking specialized security expertise.
“Most CISOs are looking for another opportunity, yet most are staying put at their current jobs because they're simply not seeing the interesting opportunities that were available a year or two ago,” Matt Comyns, CEO of Artico Search, said in the report.
CISO respondents considering a new line of work in the next 12 months increased from 67% in 2022 to 75% this year. The most recent survey, conducted between April and August of 2023, included compensation data from more than 600 chief information security officers in the United States and Canada.
Yet only 12% of surveyed CISOs changed employers during that 2023 time period, compared to 21% last year.
Generally speaking: When employees don’t make moves, neither do their salaries.
Security employees may not be finding enticing professional alternatives, as organizations spend less and less on cybersecurity. A separate study from the same companies last month found a 6% growth in security allocations between 2022 and 2023—a small amount compared to the 17% increase between 2020 and 2021.
It still pays to be a CISO. Fifty-two percent of the polled security pros claimed a total annual compensation of $400,000 or less. A fifth earn $700,000 or more.
The average increase in total compensation among CISOs, however, dropped from 14% in 2022 to 11% this year, according to the report. 20% of CISOs didn’t receive a comp increase in the past year.
Some CISOs considering a career change may choose to stay in the same ballpark, away from the pressure of increasing compliance requirements, reduced budgets, and advanced threats, according to Steven Martano, partner in Artico’s cyber security practice, who has seen former security leaders transition into deputy leadership roles—albeit higher-paying gigs, potentially—at larger organizations.
“So they’re getting an increase in compensation that’s pretty substantial. They’re decreasing their scope, because they’re not responsible for the full program,” Martano told IT Brew.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.