Comp, Budget and Satisfaction for CISOs in Financial Services:  Benchmark Report is Live

The financial services sector is known for its mature cyber programs, driven by strict regulations, a constant high cyber threat level, and low-risk profiles. This industry’s high level of cyber sophistication helps to drive and influence market trends in CISO compensation, security budgets and satisfaction levels.

To provide first-hand insight into Financial Services CISO compensation we jointly fielded our annual survey, with Artico Search, featured objective data from over 660 CISOs regarding roles, compensation, job satisfaction, board engagement and career development.

In this piece, we're highlighting findings and guidance from our Compensation, Budget and Satisfaction Benchmark for CISOs in Financial Services, 2023–2024 Report around conditions impacting CISOs in the Financial Services industry enabling them to make informed decisions and better benchmark their situation against that of their peers in the industry. It offers breakouts for four financial services subsectors, specifically, banking and lending, insurance, investment and asset management, and fintech.

About half of financial services CISOs have quarterly board engagements

With boards, regulators, customers and investors all placing greater emphasis on cybersecurity, it follows that CISO engagement with the C-suite and board of directors rises. At banks and lending firms, 69% of CISOs report to the board on a quarterly basis.

At fintech and investment and asset management companies, board engagement is less frequent and even absent for 18% of fintech CISOs (see Figure 1).

Job satisfaction has dropped among financial services CISOs

Sixty-one percent of financial services CISOs are satisfied with their job, which is a 10-point drop from last year. Satisfaction is strongest among CISOs in insurance, banking and lending, and investment and asset management. Among fintech CISOs, 36% are very or somewhat dissatisfied with their role (see Figure 2).

The combination of smaller budget growth, increasing threat levels, new SEC rules and CISO liability enforcement actions, and little to no engagement at the board level for nearly half of financial services CISOs is having an impact on job satisfaction.

Matt Comyns co-founder and president, in Artico Search isn’t surprised by the decline in satisfaction levels:

There is often a shelf life for a CISO in the high-stress environment of a publicly traded global financial services firm. Because most CISOs are open to a move but did not find a better opportunity elsewhere in 2023, it’s not surprising that satisfaction numbers dipped heading into 2024.

Recommendations for CISOs in the Financial Services Industry

Financial Services organizations are encouraged to review how critical they consider their organization’s security relative to CISO’s job satisfaction. CISO’s can use the data in this report as a guide to better inform and educate organization leadership about the importance of how board engagement compensation and budgetary levels affects job satisfaction levels.

Research-backed data like this is not only helpful for CISOs to use it as input regarding their own job satisfaction, but also in benchmarking how their job satisfaction compares to their financial industry peers.

CISO Compensation & Security Budget Benchmark Reports

Each year, IANS, in partnership with Artico Search, conducts a survey of CISOs across the U.S. and Canadas on CISO compensation, security budgets, key security staff compensation and job satisfaction.

The findings from this survey are published in a series of in-depth reports that feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, budget, department and career path.

Download the Compensation, Budget and Satisfaction Benchmark for CISOs in Financial Services, 2023–2024 Report – the sixth in our 2024 series of reports – for additional insights and data on the evolving CISO role within the security organization.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.