The Chief Information Security Officer (CISO) has become one of the most dynamic and high-impact roles in the enterprise. As cybersecurity grows more critical to business operations and board-level risk conversations, a new class of CISOs is emerging – highly paid, deeply embedded in strategic leadership, and increasingly sought after. Evan Berta, an associate at Hunt Scanlon Ventures, explores how compensation, scope, and visibility are reshaping the role.
A highly readable and insightful report that’s just come out, the 2025 State of the CISO Report by IANS and Artico Search, presents a comprehensive analysis of how the CISO role is evolving in today’s enterprise landscape.
Based on survey responses from over 800 CISOs, the report tracks shifts in organizational structure, compensation, boardroom engagement, and career trajectory. It segments the profession into three categories: Strategic, Functional, and Tactical CISOs, based on their access to leadership and strategic influence.
These distinctions help clarify how scope, visibility, and perception impact satisfaction, influence, and pay.
A standout finding: CISOs at companies with over $20 billion in revenue now average $1.1 million in total compensation, with top earners exceeding $1.3 million. That is a far cry from where these executives were just a few years ago.
These executives often manage security budgets of more than $100 million and lead teams of 200+ professionals. This scale reflects not just operational complexity, but an elevation of cybersecurity leadership into true enterprise strategy.
Expanded Scope
All of this marks a distinct shift in how the CISO is defined, from cybersecurity leader to enterprise executive. In fact, as the report highlights, “large organizations pay higher compensation to dual CISO/CIOs, with an average annual pay of $1 million and the top quartile starting at $1.5 million.” These hybrid roles place CISOs at the intersection of security, infrastructure, digital transformation, and enterprise risk.
Currently, 15% of organizations have adopted a dual CISO/CIO structure, especially among companies with revenues above $1 billion. These positions reverse the traditional structure where IT oversaw security, now placing security at the helm of enterprise technology.
Strategic Visibility
At companies with more than $10 billion in annual revenue, 65% of CISOs now engage with the board on a quarterly basis or more. This frequency reflects increasing expectations for CISOs to inform governance and shape enterprise risk strategy.
Yet, the report reveals a critical tension: “Even strategic CISOs who are close to leadership and invited to critical board sessions may find themselves perceived more as technical operators who provide mandatory updates on security maturity models, rather than as thought partners with truly strategic input and impact.”
This disconnect suggests that while CISOs are being invited into board-level conversations, they are not always treated as peers to other C-level executives, limiting their ability to fully influence business decisions.
The Impact of Scope on Pay
The expansion of the CISO’s remit is directly tied to compensation. While nearly all CISOs manage core infosec domains, those with broader responsibilities, ranging from enterprise risk to AI governance, are driving the top end of the compensation spectrum.
The report notes that top earners increasingly manage portfolios that include “AI, M&A security, data governance, comprehensive IT oversight, and digital transformation and innovation.” These areas directly intersect with enterprise growth and performance, increasing the CISO’s exposure to cross-functional leadership.
The payoff is clear. Median total compensation for dual CISO/CIOs is $1.1 million, with the top 10% earning over $2.7 million. By contrast, traditional CISOs, those who do not own IT or adjacent business functions, report median compensation of $669,000.
A New Era for Cyber Leadership
As IANS and Artico summarize, “These evolving career trajectories underscore the growing strategic importance of the CISO role and the valuable, multidisciplinary skill set these leaders bring to organizations.”
CISOs are now charting paths not only toward enterprise technology leadership but also into emerging roles like Chief Trust Officer, CRO, and even board director. This evolution signals a broader trend: security leadership is no longer a back-office function; it is a front-line driver of resilience, performance, and trust.
For boards, investors, and executive search firms, these shifts signal a recalibration in how cyber leadership is defined, valued, and recruited. The rise of the million-dollar CISO is not just a compensation story; it’s a strategic signal that security leadership is now business-critical.
Article By

Evan Berta
Evan Berta is an Associate at Hunt Scanlon Ventures, specializing in data analysis, market mapping, and target list preparation. He plays a critical role in identifying and building out groups of firms in sectors of interest, including preparing strategic overviews of top potential targets for acquisitions. Evan’s analytical expertise supports the firm’s sourcing initiatives, particularly in identifying niche and emerging market opportunities, and delivering actionable insights on tight timelines.