Chief information security officer salaries skyrocket as high as $420,000, survey finds

With big issues on CISO plates, including malware, application security, cloud security and others, a new study from cybersecurity staffing firm SilverBull found that salaries are on the rise, with the highest up from $380,000 in January 2016.
By Bill Siwicki
02:13 PM

The demand for chief information security officers in the U.S. is rising, and so are the salaries of these increasingly important executives. The average compensation range for CISOs, in fact, starts at $136,000 and peaks at $345,000; the median salary for a U.S. CISO is $223,000, according to a new study from SilverBull, an IT and cybersecurity recruiting and staffing firm.

But many CISOs make a lot more dough. For example, according to SilverBull, the top of the average salary range by location varies, including $421,000 in San Francisco, $406,000 in New York, $380,000 in Washington, $378,000 in Los Angeles, $362,000 in Chicago, and $348,000 in Atlanta.


Sign up for the Healthcare IT News Privacy & Security Update newsletter. 


The most common job titles for the CISO position include CISO, director of information security, director of information technology and director of information technology security.

The CISO position has become more important than ever in healthcare, and healthcare CISOs should report directly to the CIO for maximum effectiveness, said Anahi Santiago, CISO at Christiana Care Health System.

“Information security has become such an integral aspect of being able to build brand and advance progress in healthcare delivery, so being able to report to the person who sets the vision and thus integrate information security into everything we bring out to the market has become really important,” Santiago explained. “It also helps the CISO to be so close to the capital of the CIO; some of my peers who do not report into IT struggle to gain the capital leverage to implement things and, further, often are at odds with IT because they are seen not as a peer but as an enforcer.”

In its report, SIlverBull said the most pressing issues for CISOs today include: advanced persistent threats, cloud and application security, software-defined networks, the proliferation of Bring Your Own Device, and malware such as ransomware, among others. 

WIth the rise of ransomware attacks, data breaches, and Health and Human Services Office for Civil RIghts second wave of HIPAA audits now underway, security professionals  most notably CISOs are harder to attract and retain than ever. And that may help explain why top-tier salaries rose to $420,000 since SilverBull last conducted it in January of 2016, at which point $380,000 was the top.

[Also: CISOs: Healthcare's new rock stars. Special report: Ransomware to get worse, hackers targeting whales, IoT opens new vulnerabilities]

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.