The million-dollar CISO: Report reveals high pay, low satisfaction – Go Health Pro

CISOs at large organizations are making up to $1.1 million on average, but they report high levels of dissatisfaction with budget, compensation and board visibility, according to a new report from IANS and Artico Search.

“The 2025 Compensation and Budget for CISOs in Large Enterprises” report offered insights from a survey of more than 400 CISOs from organizations with annual revenues of $1 billion or more.

The report revealed that CISOs at large organizations make about $700,000 yearly on average, including base salary, bonuses and equity. That average jumped to $1.1 million for organizations with annual revenues greater than $20 billion, i.e. Fortune 200-level businesses. The top 10% of CISOs make $1.4 million on average.

Budget constraints drive CISO dissatisfaction

Despite high compensation, large enterprise CISOs reported relatively low job satisfaction, especially with regard to their organization’s security budget.

Less than 60% of CISOs reported being satisfied with their security budget across all revenue segments, with companies making $1 billion to $2 billion having the lowest satisfaction rate (51%) and companies making $20 billion-plus having a satisfaction rate of just 58%.

Compensation was also a pain point, with the highest-paid segment of CISOs reporting the highest rate of dissatisfaction, at 45%.

“CISOs in the $20B+ segment likely compare their pay to that of other executive leaders within their organization and consider their compensation insufficient given the demands and increasing scope of their roles,” the report authors noted.

About one-third of CISOs at large organizations said they were not satisfied with their level of board visibility, with satisfaction in this area increasing with company size, and career development satisfaction sat at 63% for companies with revenues between $5 billion and $20 billion, maxing out at 71% for companies with earnings of $1 billion to $5 billion.

Overall, more than a third of CISOs across revenue segments reported considering a job change within the next 12 months, including 38% of those at Fortune 200-level companies and 58% of those at companies with annual revenues of $1 billion to $2 billion.

IANS and Artico Search’s 2025 Compensation and Budget for CISOs in Tech report, published earlier this month, offers more insights into security budgets and CISO compensation over the last year, with security budgets increasing an average of 8% across all industries.

This is just a two percentage point increase over last year’s budget increases, and an 11 percentage point decrease in budget growth compared to 2022, demonstrating how budget allocations have shifted with macroeconomic factors post-COVID.

However, the proportion of information technology (IT) spending dedicated to security has continued to increase over the past five years, with security making up nearly a quarter of IT spending in 2024 compared with 19.4% in 2023 and just 10.4% in 2020.

CISO base salary increases were the highest in the fintech sector, with fintech CISOs seeing a 7.1% year-over-year increase compared with a 5.5% average increase across the tech sector and 5.7% increase across non-tech industries.

IANS and Artico Search’s latest report reflected that staff and compensation make up 35% of security budgets at large organizations, with 22% going toward off-premises software, 10% toward on-premises software and 12% toward outsourcing.

Adapting to evolving CISO responsibilities

The 2025 report on CISO compensation and budget at large enterprises highlighted the evolving scope of CISO responsibilities, noting that CISOs at higher-revenue companies are often expected to take full ownership over business risk functions while having less involvement in IT functions.

“Large enterprise CISO scope continues to increase as these positions evolve into more strategic risk leadership functions. Large enterprise CISOs find themselves leading broader business risk initiatives including third party risk management and AI strategy,” stated Steve Martano, IANS Faculty and partner at Artico Search’s cyber practice.

The report concluded with three recommendations for large enterprise CISOs given these changes and other insights from the survey.

First, CISOs are advised to ensure adequate resources and support are in place and to conduct research for market standards on job scope and compensation before agreeing to take on additional responsibilities, but to also consider the advantages of greater visibility and critical decision-making ability this scope increase can bring, especially in areas such as AI adoption.

Second, CISOs are encouraged to develop their “soft skills” as they transition from more technical IT roles to strategic leadership functions, including communication and networking skills that can help build key relationships with senior leadership and industry partners.

Finally, when considering their future career path, CISOs should take into consideration their long-term career goals rather than judging prospective roles solely by compensation and job title.

“Be prepared to make calculated moves, potentially taking intermediate steps like moving to a larger organization’s secondary security role or transitioning through different sectors over a longer time period to build comprehensive experience,” the report advises.

Additionally, CISOs should be wary of “grandiose claims” made by prospective employers, and ask questions about security budget growth and current security program gaps to gauge employers’ cybersecurity commitment.
