For top cybersecurity talent, companies pay over $500,000: Report

Cybersecurity strategy success depends on appropriate staff size and salary to retain top talent, according to a report from security analysis firm IANS.

CISOs have a huge amount to consider when trying to align their plans with those of the broader organisation if they hope to hang on to their top talent.

To keep pace, a survey released today by security analysis firm IANS and headhunting firm Artico recommends keeping compensation at the high end of the range; the top 25 per cent of earners tend to be perceived as the top performers in their roles.

Across the various specialities — including SecOps and governance, risk, and compliance (GRC) — that top 25 per cent averages around US$523,000 per year in cash compensation and US$640,000 in total compensation with equity.

The “floor” of the top 25 per cent varies by speciality, from US$360,000 in total compensation for identity and access management leaders, up to US$465,000 for a deputy CISO and US$447,000 for a product security department head.

The report also found that businesses’ cybersecurity organizations generally divide themselves into three broad structures, based mostly on the size of the company at the time. Fortune firms, which the study classifies as those with more than US$6 billion in annual revenue, generally have four organizational layers beneath the CISO and more specialist executives than smaller companies — about half have deputy CISOs and a quarter have a “global” CISO who handles worldwide security issues.

“Large enterprise,” according to the IANS and Artico report, runs from US$6 billion in revenue down to US$400 million. They tend to have two to three layers of support staff under the CISO, and tend to feature specialist leadership in particular subject matter areas. Finally, “midsize” companies cover the US$400 million to US$50 million per year bracket of annual revenue and are characterised by smaller teams where each member has multiple responsibilities.

The presence of various sub-specialists tends to scale with the size of the company, according to the survey, which polled 1,195 CISOs and cybersecurity staff members. At roughly the US$1 billion annual revenue mark, the SecOps head becomes more common than not, with heads of GRC, architecture and engineering, and identity and access management becoming more commonplace as revenue rises and the number of full-time employees on the security team increases.

The total number of people on staff also scales relatively well with revenue, according to the report. At the US$100 million mark, most companies have between one and nine full-time security workers, while businesses in the study’s “Fortune” tier tend to have at least 20, and up to 50 or 100 at the largest firms.

Aligning the cybersecurity team with the company’s needs is a critical consideration for CISOs, the report said.

“The data indicates that, across sectors, roughly 15 per cent are at or approaching a revenue milestone that warrants the addition of a head of SecOps to their security organisations, based on what is typical for their peer group,” the study said. “For 15 per cent of CISOs, the head of AppSec is a likely or critical hire, followed by 13 per cent for a head of IAM.”
