2025 Global Chief Information Security Officer Compensation Survey
Welcome to the 2025 Global Chief Information Security Officer Compensation Survey, our sixth annual examination of compensation for this critical enterprise leadership role.
For this report, Heidrick & Struggles compiled compensation data from a survey fielded in summer 2025 of 371 CISOs around the world. Most carried the title of chief information security officer, but respondents also included chief security officers and other senior information security executives.
This report includes organizational and compensation data from respondents in the United States and Europe. We hope you enjoy reading the report, which is now widely recognized as the most authoritative and broadly disseminated survey of its kind. As always, suggestions are welcome, so please feel free to contact us—or your Heidrick & Struggles representative—with questions and comments.
Market context
The role of the chief information security officer (CISO) continues to evolve, reflecting the growing strategic importance of cybersecurity and emerging technologies within organizations. One of the clearest indicators of this shift is a change in reporting lines. In this year’s survey, 42% of respondents report directly to the CEO—three times the proportion in last year’s survey—while the percentage reporting to a CIO or CTO has declined sharply from roughly half of respondents to just 30%. Notably, this trend spans all ownership types (public and private). With more than one-quarter of respondents across every ownership type now operating under the CEO’s direct oversight, information security is no longer positioned as a subset of the IT function. Instead, it is increasingly treated as an enterprise-wide, strategic priority with direct impact on business outcomes, particularly as CIOs and CTOs focus on parallel mandates.
Artificial intelligence
Another significant trend is the rising emphasis on artificial intelligence in the CISO agenda. When asked to identify their top areas of expertise to build or maintain, 57% of respondents selected “artificial intelligence, machine learning, and data analytics.” While securing AI may currently be relatively straightforward—explaining why 43% did not select it—AI still ranks almost twice as high as the next most selected area. This focus is reinforced by the fact that 96% of respondents say they are already using AI to enhance their company’s cybersecurity posture, signaling that AI-enabled defense is rapidly becoming a standard expectation rather than an emerging capability.
The rise in CISOs reporting directly to the CEO, combined with the growing organizational focus on AI, highlights that AI is now firmly on the C-suite agenda. That emphasis is also extending across the enterprise. Most respondents are seeking to hire talent with expertise at the intersection of AI and cybersecurity, with 60% actively doing so. We see the same trend in our work, where we’ve delivered AI builds for individual contributors across multiple companies. AI is becoming critical at all levels of the organization, from senior leadership to individual contributors, and is increasingly shaping daily operations, risk management, and decision-making.
Together, these trends illustrate that modern CISOs are expected not only to safeguard digital assets but also to manage broader enterprise risk, drive innovation, and leverage emerging technologies to advance organizational goals. Compensation trends are increasingly reflecting this expanded scope, with market demand for executive-level AI competence emerging as a differentiating factor.
For full compensation data, open the full report.
About the author
Matt Aiello (maiello@heidrick.com) is a partner and leads the global Cybersecurity Practice; he is based in the San Francisco and Washington, DC offices.