- 46% of CISOs identified AI and machine learning as the most significant cyber risks
- 71% of CISOs identify stress related to their roles as their most significant personal risk, up from 59% in 2022
- 41% of CISOs don't have a succession plan
- 30% of CISOs currently sit on a corporate board, a notable leap from 14% in 2022
Additional research from
"The increasing importance of cybersecurity in today's landscape is creating a significant shift in the role of the CISO as organizations face heightened professional and personal risk," said
The importance of the role of the CISO continues to grow as digital technologies, particularly artificial intelligence, become even more prevalent and concerns about cyberattacks, specifically ransomware, rise. When it comes to organizational risk, 46% of CISOs cited artificial intelligence and machine learning as most significant, followed by geopolitical risks (33%) and cyberattacks (19%), which include ransomware, malware, insider threats, and nation/state attacks. More than half of respondents said they believe that the most significant cyber risks that pose a threat today will not be the same five years from now.
In addition to technological advances and more sophisticated threats, CISOs also face increasing pressure to stay ahead of the curve, leading to stress and burnout—which remain top personal concerns for CISOs year over year, as evidenced by 71% of respondents who identified stress related to their roles as their most significant personal risk—a concerning jump from 59% in 2022. 54% identified burnout as their most significant personal risk, up from 48% in 2022.
To address this, organizations must prioritize succession plans and/or retention strategies to prevent CISOs from exiting unnecessarily. There is room for hope, however, as 80% of respondents agree that, within their roles, they are able to invest in leadership and development to build or enhance team capabilities.
The demand for cybersecurity leadership and the specialized skills that come along with it, as well as diversity in executive positions, has become increasingly crucial within organizations, executive teams and at the board level. The survey sheds light on the fact that companies are now seeking to broaden their horizons, venturing beyond traditional industry- and IT-specific criteria when selecting CISOs. They are actively searching for the most qualified executives for the role, with a focus on diversity in terms of gender, race or ethnicity, as well as industry and functional expertise.
While the role of the CISO is increasing in importance, many organizations aren't prepared for the long run. The survey found that almost half (41%) of respondents say their company does not have a succession plan in place for the CISO role, though more than half of those that do not have a plan are developing one. This underscores the need for organizations to prepare for unforeseen departures of CISOs and ensure they have a solid plan developed to seamlessly transition responsibilities.
Furthermore, the survey reveals that while over half of respondents expressed a belief that their corporate board possesses only partial or no knowledge and expertise required to effectively respond to cybersecurity presentations, only 30% of CISOs currently sit on a corporate board. This is a notable leap from the 14% who said the same in the prior year, yet still unveils a concerning gap in board expertise.
"It is encouraging to see a leap in the number of CISOs sitting on corporate boards, but there is still work to be done in terms of board knowledge and expertise in cybersecurity," added
As seen in previous surveys, CISOs across regions are seeing increased compensation. From an industry perspective, CISOs in the financial services industry reported the highest average total compensation, while those in the technology and services industry received the highest average annual equity/LTI.
- United States: Similar to previous years, US CISOs generally report the highest compensation. For CISOs in the United States, reported median total cash compensation increased 6% year over year, to $620,000 in 2023. Median total compensation, including any annualized equity grants or long-term incentives, also increased, up to $1,100,000 this year.
- Europe: The average total cash compensation for CISOs in Europe was $457,000. Average total compensation, including any annualized equity grants or long-term incentives, was $552,000. As in the United States and Australia, those in the financial services industry reported the highest average total cash compensation, at $623,000. In Europe, those in healthcare and life sciences reported the lowest. Average annual equity/LTI was highest for those in technology and services.
- Australia: The average total cash compensation for CISOs in Australia was $368,000. Average total compensation, including any annualized equity grants or long-term incentives, was $586,000. As in the United States and Europe, those in the financial services industry reported the highest average total cash compensation, at $501,000.
The role of the CISO is continuing to evolve to meet the rapid pace of disruption and new challenges organizations face every day—and with that, leaders must recognize their unique yet important position in organizations.
About the 2023
View original content: https://www.prnewswire.com/news-releases/heidrick--struggles-annual-ciso-survey-reveals-ai-and-machine-learning-pose-the-most-significant-cyber-risks-while-stress-levels-reach-new-heights-301853479.html