According to Infosecurity Magazine, new data from IANS Research shows CISO compensation in North America grew by 6.7% this year based on surveys of 566 security leaders conducted between April and October 2025. The top 1% of CISOs reported earning over $3.2 million in total compensation – roughly 10 times the median and 20 times what the bottom 10% make. Meanwhile, security budgets only grew by 4% during the same period, representing the slowest growth rate in five years. The research also found that 15% of CISOs changed employers this year versus 11% in 2024, and 70% of security leaders receive equity as part of their compensation packages.
The compensation gap is wild
Here’s the thing about that $3.2 million figure for the top 1% – it’s not just about salary. Most of that gap comes from equity packages, which can represent up to half of total compensation for some CISOs. And it’s heavily concentrated in Fortune 100 companies and high-paying sectors like tech ($844,000 average) and financial services ($744,000). Basically, if you’re running security at a major tech firm, you’re playing in a completely different compensation league than your peers at smaller organizations.
The budget squeeze is real
Now here’s where it gets interesting. While CISOs are getting paid more, they’re having to do more with less budget growth. That 4% budget increase is half of what it was last year (8%), and it’s happening at the worst possible time. We’re dealing with expanding attack surfaces from AI and cloud investments, plus increasingly sophisticated cybercrime operations. So CISOs are essentially being asked to defend more territory with relatively fewer resources. That’s a tough sell when you’re trying to justify security investments to the board.
Job hopping pays, but staying put pays more
This is counterintuitive – CISOs who changed jobs got an average 5% compensation bump, while those who stayed put saw 8.1% increases. Wait, what? Usually job hopping gets you the bigger raise, right? But it seems companies are getting smarter about retaining their security talent by giving them more responsibilities and better compensation. And with 71% of CISOs getting perks like D&O insurance and executive coaching, the retention packages are becoming more sophisticated.
Priorities are shifting beyond just money
Steve Martano from Artico Search nailed it when he said top CISOs are increasingly prioritizing influence, visibility, and culture over pure compensation. The smartest companies are giving their security leaders “a true seat at the table” rather than just throwing money at them. And honestly, that makes sense – when you’re dealing with industrial systems or manufacturing environments where security directly impacts physical operations, you need that executive influence.
What does this mean for 2026?
Looking ahead, I think we’ll see this compensation growth continue, but the budget constraints will force CISOs to get more creative. They’ll need to demonstrate ROI on security investments more clearly and probably focus on targeted protections rather than blanket coverage. The mobility trend will likely continue too – when you’ve got 15% of your peers changing jobs in a single year, that creates opportunities and pressures throughout the market. Basically, being a CISO is becoming less about technical expertise and more about business strategy and persuasion. And honestly, that’s probably where the role needs to be.
