APAC pay gap could see CISO and cyber talent exodus

The role of the CISO is changing. As reported by a Business Chief-backed report, we are entering a Golden Age of the Chief Information Security Officer.

This research is backed up by the 2023 Global Chief Information Security Officer (CISO) Survey, released by Heidrick & Struggles.

That research says organisations and leaders must recognise the role of the CISO and prepare for the future.

Some three-quarters (76%) of CISOs said they were very or entirely open to switching companies in the next three years – so business leaders should take note, especially during a huge skills shortage in cybersecurity.

Heidrick & Struggles compiled organisational and compensation data from a survey of 262 CISOs globally. Respondents were from the US, Europe, and Asia Pacific, while compensation data was collected for respondents in the US, Europe, and Australia. The average cash compensation for CISOs in Australia was US$368,000 – compared to US$620,000 in the US, and US$457,000 in Europe.

This suggests a wider pay gap for the APAC region when compared to the US and Europe, which could bring about a CISO talent exodus.

AI and ML are biggest concerns for CISOs

“The increasing importance of cybersecurity in today's landscape is creating a significant shift in the role of the CISO as organisations face heightened professional and personal risk,” said Matt Aiello, Partner at Heidrick & Struggles.

“The most advanced companies are taking measures to eliminate risk within the CISO role, while strengthening their overall cyber program through robust succession planning, severance protections, D&O policies, and including cyber expertise on boards.”

Cybersecurity is an ever-changing beast, and organisations, and their CISOs, are struggling to keep up – especially with the rise of artificial intelligence (AI).

In the survey, 46% of CISOs said AI and machine learning (ML) were the most significant concerns, followed by geopolitical risks (33%) and cyberattacks (19%). More than half said they believe the most significant cyber risks today will be different in five years' time.

The pressure on CISOs is mounting. A worrying 71% of respondents said stress was their most significant personal risk, up from 59% in 2022.

With companies facing a talent crisis when it comes to cyber security, business leaders need to think long and hard about how they are treating their cyber staff.

More opportunities for CISOs to make their mark

This is especially important when demand is high for cybersecurity expertise. CISOs are increasingly vital to companies and valued for their knowledge, skills and diverse backgrounds.

However, while the role is growing in importance, many organisations simply are not looking ahead and making plans for the future. Some 41% admit their company does not have a succession plan in place for the CISO.

“It is encouraging to see a leap in the number of CISOs sitting on corporate boards, but there is still work to be done in terms of board knowledge and expertise in cybersecurity,” added Scott Thompson, Partner at Heidrick & Struggles. 

“And while we applaud the increase in CISOs on boards, other executives can serve as cyber experts on boards including CIOs, CTOs, GCs, Chief Risk Officers, and many others. One size does not fit all – each board can decide what kind of cyber expertise fits its needs. But this is no longer an area boards can't take seriously.”
​​​​​​​
The annual Global Chief Information Security Officer (CISO) Survey takes into consideration organisational structure and compensation.