Australian companies risk losing best and brightest cybersecurity talent
New research by Heidrick & Struggles finds that local CISOs are paid less than counterparts in Europe and the United States
Heidrick & Struggles, a premier provider of executive search, leadership assessment and development services, found that Australian companies need to do more to attract and retain leading Chief Information Security Officer (CISO) talent.
Due to the scale of the Australian market, companies that seek to attract CISOs need to strike a balance between the challenges and the rewards the role offers. Top areas CISOs evaluate when joining a company include access to leading software, close partnerships with leading authorities, key research and content leaders in cybersecurity, compensation and cost of living.
A new study by Heidrick & Struggles has found that the average total cash compensation for CISOs in Australia was around AUD543,000, which fell well short compared to Europe’s average of AUD674,000 and the US’s median of AUD913,000. The average total compensation with incentives for Australia, including any annualised equity grants or long-term incentives, was AUD863,000, slightly higher than for Europe at AUD813,000 but much lower than the US’s median average of AUD1.6m.
The importance of the role of the CISO continues to grow as digital technologies, particularly artificial intelligence, become even more prevalent, and concern about cyberattacks, specifically ransomware, rises. Hybrid working also remains a post-pandemic fixture, creating security headaches for IT security teams and CISOs. The role has taken on greater prominence at a time when cyberattacks have become relentless and increasingly sophisticated, and millions of people continue to work from home.
Commenting on the research, Managing Partner of Heidrick & Struggles Australia, Graham Kittle, said:
“Australia needs to do more to compete for accomplished talent. CISOs are in high demand globally, and with the recent spate of cyberattacks locally, it is now more critical than ever for us to retain and attract CISOs. While the scale of companies across regions differs, it is still critical that we fully resource and support the CISO and their security teams to be effective.”
Not surprisingly, the study also revealed that Australian security teams are smaller than their US and European counterparts, with 51 per cent of Australian teams comprising 25 people or less, compared to 46 per cent of European and just 22 per cent of US security teams being that size. At the other end of the scale, only 10 per cent of Australian security teams were 200 people or larger, compared to a quarter of US teams (24%) and 15 per cent of European teams.
The majority of CISOs globally report having spent most of their careers in the technology infrastructure function. The industry also continues to see the skill set moving towards more technical cyber leaders, notably coming from software engineering backgrounds, as there is an increasing need for leaders with technological acumen to communicate with engineers and developers at a deeper level.
In Australia, less than half (40%) of CISOs came from a CISO role prior to their current one, with 51 per cent coming from another IT or information security-related role, compared to 62 per cent in the US and 63 per cent in Europe. This emphasises the need to continue to develop and resource local CISOs, as well as to offer a more robust foundation for the role.
CISOs in Australia also tend to have lower reporting lines with just three per cent reporting to the CEO, while 36 per cent report to the CIO, and 28 per cent to the CTO. However, a majority of CISO respondents (59%) globally present to the company’s board of directors. Concerningly, just under half of CISOs globally say that the board has the knowledge or expertise to respond effectively to their presentations.
Partner of the Global Technology & Services Practice in Melbourne, Max Randria, also added:
“With a view to the global environment and trends we have seen in recent years in the security industry, we anticipate an increase in pressure on corporate Australia to further uplift and elevate the CISO role within organisations. Readiness for this shift is critical in parallel to the application of AI and new digital technologies. The role of CISO is unquestionably evolving.”
The study also highlights the need for organisations to have a robust succession plan for their CISOs. With high demand for security leadership talent on a global scale, succession planning is an imperative that organisations should actively promote.
Some of the headline statistics that have come out of the research include:
- The average total cash compensation for CISOs in Australia was around AUD543,000, which fell well short compared to Europe’s average of AUD674,000 and the US’s median of AUD913,000.
- Australian security teams are smaller than their US and European counterparts, with 51 per cent of Australian teams comprising 25 people or less, compared to 46 per cent of European and just 22 per cent of US security teams being that size.
- CISOs in Australia also tend to have lower reporting lines with just three per cent reporting to the CEO, while 36 per cent report to the CIO, and 28 per cent to the CTO.
- Concerningly, just under half of CISOs globally say that the board has the knowledge or expertise to respond effectively to their presentations.
About Heidrick & Struggles
Heidrick & Struggles (Nasdaq: HSII) is a premier provider of global leadership advisory and on-demand talent solutions, serving the senior-level talent and consulting needs of the world's top organizations. In our role as trusted leadership advisors, we partner with our clients to develop future-ready leaders and organizations, bringing together our services and offerings in executive search, diversity and inclusion, leadership assessment and development, organization and team acceleration, culture shaping and on-demand, independent talent solutions. Heidrick & Struggles pioneered the profession of executive search more than 65 years ago. Today, the firm provides integrated talent and human capital solutions to help our clients change the world, one leadership team at a time.® www.heidrick.com