Cyber security salaries are higher than you might expect: for 50 percent of survey respondents in the 2013 Salary Benchmark Report, Chief Information Security Officers (CISOs) earn an average base salary equivalent to the compensation of other C-level executives.

According to the Ponemon Institute and SecureWorld Expo report, reporting channels make a huge difference to salary: those who report to the CEO make a significantly higher salary, but they are also at risk of being the first fired. The top reason security staff leave an enterprise is compensation, leading to the conclusion that an organization’s biggest vulnerability may be its own information security team, due to unfilled jobs and a lack of funding.

The report also found that 43 percent of cyber security professionals rate their position as the most difficult one in the organization.

According to a press release, additional key findings include:

  • Compensation varies widely based on the following factors, in order of highest impact:
    • Steps from the CEO / Reporting Channel: CISOs reporting to the CEO enjoy a 36 percent jump in average annual salary, followed by direct lines to the CFO, COO, CIO or CTO. Ironically, few actually report to the CEO and the majority (46 percent) report to the CIO.
    • Industry Sector: The Communications sector leads in average annual salary, followed by Financial Services, Services and 11 other categories; Health & Pharmacy ranks lowest with Defense close by.
    • Organization Headcount: The biggest jumps in technicians’ average annual salary occur in organizations with more than 75,000 employees.
    • Geo Footprint: Organizations with a global footprint pay more than domestics.
    • Gender: In another surprise finding, men make only 5.5 percent more than women in the top security executive positions.
  • Certifications matter... but not as much as you think. Professionals with certifications earn only 8.7 percent more than those without; however, those with advanced degrees demand up to 35 percent higher salary.
  • Lack of adequate funding is the biggest barrier to team success. Fifty-six percent of respondents cited lack of adequate funding as their biggest barrier to success, followed by IT complexity (42 percent) and lack of qualified personnel (41 percent). In fact, only eight percent report having cyber security teams of over 20 FTEs, with the majority operating with 6-15 FTEs.
  • The study also identifies trends related to the CISO position specifically, such as how many organizations have a CISO; how many have a formal reporting structure to the board; what metrics are used to determine the success or failure; and the seven critical career success factors.

The benchmark study was conducted among 133 enterprise-class companies (with 1,000 employees or more).