IANS Research and Artico Search Unveil “State of the CISO 2023-2024” Report

Research reveals CISOs are being asked to do more with less while incurring more personal legal risk; CISO job satisfaction decreased in the last year, with 75% considering an employment change.

BOSTON, Jan. 17, 2024 /PRNewswire/ — Today, IANS Research and Artico Search released its State of the CISO 2023-2024 Report, an annual research study that provides deep insights into critical aspects of the CISO role based on background, job level, compensation, budget dynamics, board engagement, and job satisfaction data. This year, more than 660 Chief Information Security Officers (CISOs) provided data. Additionally, research team members held conversations with over 100 CISOs to better understand the challenges CISOs face today and future opportunities.

At the outset of 2024, CISOs are experiencing a duality of anxiety and opportunity, which is attributed to reduced cybersecurity spending, increasing cyber breaches, the rise of generative AI tools, and stricter cybersecurity rules emphasizing disclosure requirements. In this context, key report findings include:

  • Traditional CISO role characteristics may no longer meet the needs in this rapidly evolving landscape. This situation gives CISOs an unprecedented opportunity to argue for a place in the executive ranks. Furthermore, the increased threat environment organizations face gives CISOs more ammunition to influence leaders outside their direct sphere of control.

  • Regulators now hold CISOs accountable for transparency and even fraud on behalf of their organizations. Despite the role expectations being elevated to C-Level, CISOs struggle to be viewed as such, and the CISO role is frequently not part of the senior leadership team. Only 20% of all CISOs and 15% of public company CISOs are regarded as C-Level executives, and just 50% engage with the Board quarterly. CISOs with Board access are more optimistic about budget and risk alignment. Only 28% without Board engagement are satisfied versus 57% with at least infrequent or ad hoc Board contact.

  • CISOs seek clear risk guidance from boards but often don’t find it. 85% of CISOs in the survey indicated their board should offer clear guidance on their organization’s risk tolerance for the CISO to act on. However, just 36% find that this is the case.

  • A seat at the table calls for increased business skills. Most CISOs build their leadership skills through executive coaching and formal leadership training; the total compensation of CISOs currently in/completed an executive coaching program exceeds those who haven’t done a leadership skill development program by more than $200,000. Only 20% of CISOs receive internal mentoring from non-tech colleagues.    

  • Technology skills dominate CISOs’ formative years. In the years leading up to the top job, the two dominant career paths are a technical path and a risk and compliance path, although some CISOs have crossed over during their formative years. CISOs with a tech background earn more than risk/compliance CISOs. 

  • Most CISOs are considering a job change. This year’s satisfaction ratings suggested heightened anxiety among CISOs. Between 2022 and 2023, the share of CISOs who are satisfied in their job and company fell by 10 points to 64%. Meanwhile, the share open to a job change increased by 8 points to 75%.   

“We see CISO satisfaction positively correlated with access and influence at the board level,” stated Steve Martano, a partner in Artico Search’s cybersecurity practice and IANS Faculty member, “CISOs with a strong rapport with their boards feel more valued and generally report they are ‘heard’, even when there are disagreements on budgeting.”

For more insights, please download the full summary report.

Survey Methodology
IANS and Artico Search fielded the fourth annual CISO Compensation and Budget survey in April 2023. From early April until the end of October, we received survey responses from 663 security executives from companies that varied by size, location, and industry. Of the sample of 663 CISOs, 609 work in the U.S. and Canada.

The three largest industries in terms of representation among CISOs in the U.S. and Canada in the sample are finance (27%), healthcare (21%) and tech (17%). Nearly half (46%) of respondents work at companies with less than $1 billion in annual revenues, 41% work at firms with $1 billion to $10 billion in annual revenue, and 13% represent companies with more than $10 billion in annual revenue. The research team also conducted unstructured interviews with approximately 100 CISOs throughout October and November of 2023.

Artico Search
Founded in 2021, Artico Search’s team of executive recruiters focuses on a “grow and protect” model, recruiting senior go-to-market and security executives in growth venture, private equity, and public companies. Artico’s dedicated security practice delivers CISOs and other senior-level information security professionals for a diverse set of clients.

IANS Research                                
For the security practitioner caught between rapidly evolving threats and demanding executives, IANS is a trusted resource to help CISOs and their teams make decisions and articulate risk. IANS provides experience-based insights from a network of seasoned practitioners through Ask-an-Expert inquiries, a peer community, deployment-focused reports, tools and templates, and executive development and consulting.

Media Contact:
Angelique Faul
Silver Jacket Communications
513.633.0897

371531@email4pr.com

SOURCE IANS Research