New Report Reveals CISOs Face Expanding Risk, Greater Resource Constraints, and Overextension of Responsibilities Impacting Job Satisfaction
BOSTON, June 17, 2025 -- IANS Research and Artico Search today released the 2025 Compensation and Budget for CISOs in the Small and Middle Market Benchmark Summary Report offering a detailed look at how cybersecurity leaders in organizations with up to $1B in annual revenue are managing rising responsibilities with lean teams, limited budgets, and evolving governance demands.
Often recognized as engines of economic growth, midmarket companies are scaling fast but with fewer resources and less mature security programs than their enterprise counterparts. As these firms expand digital operations, CISOs are under growing pressure to deliver enterprise-grade security in environments that are still developing foundational processes. To reflect the diversity within this segment, the report groups organizations into four tiers based on revenue, from agile, sub-$50M companies to $1B firms with international reach and advanced security maturity.
"For organizations under $1B, this data offers essential benchmarks for investment, staffing, and board access," said Nick Kakolowski, Research Director at IANS. "It helps leaders understand where they stand—and what needs to evolve to retain top cybersecurity talent in a competitive market."
Key Findings from the 2025 Compensation and Budget for CISOs in the Small and Middle Market Benchmark Summary Report Include:
- CISO Compensation Reaches Record Highs
CISOs in small and midmarket organizations earn an average of $415K in total compensation, with the top 5% receiving seven-figure packages, driven by significant equity grants. - Security Budgets Scale with Enterprise Size
Security budgets in this segment range from $600K to $5M, averaging 1.1% of company revenue, or about $11K per $1M in revenue. Baseline security programs are relatively costly for small firms, but as organizations scale, security spending grows slower than revenue, making protection more cost-efficient. - CISO Visibility with the Board Increases
While full board access remains limited for 40% of CISOs, engagement is improving through board subcommittees, with 65% of CISOs participating in governance structures. - Enterprise CISOs are Stepping into Executive Leadership
Only 40% of small and midmarket CISOs hold executive-level titles, and most report to CIOs or CTOs. However, executive status is more common in firms under $50M, where flat structures enable greater influence over strategic decision-making. - Retention Risk Remains High
Budget and compensation dissatisfaction are top concerns. Among CISOs who are dissatisfied, 72% plan to change jobs within the next year. Even those "somewhat satisfied" are overwhelmingly open to new roles.
"Midmarket CISOs are being asked to do more with less, stretching across IT, risk, and compliance while navigating flat org charts and limited visibility," said Steve Martano, Partner at Artico Search and IANS Faculty Member. "The best CISOs are embracing these challenges as stepping stones to enterprise leadership, but they need support and recognition to stay."
The 2025 Compensation and Budget for CISOs in the Small and Middle Market Benchmark Summary Report includes data with detailed analysis on compensation distribution, role tenure, security staffing ratios, budget breakdown, leadership depth, and the evolution of adjacent CISO responsibilities such as fraud, IT oversight, and AI governance. This report follows the recent release of the 2025 Compensation and Budget for CISOs in Large Enterprises creating a comprehensive view of how security leadership challenges vary by company size and complexity.
.Survey Methodology
This report is based on the fifth annual CISO Compensation and Budget Survey, conducted jointly by IANS Research and Artico Search. From April to December 2024, the survey collected responses from 862 security executives, including 363 CISOs from small and mid-market organizations.
About Artico Search
Founded in 2021, Artico Search specializes in recruiting senior go-to-market and security executives for growth venture, private equity, and public companies. The firm's dedicated security practice focuses on finding top CISOs and other senior-level information security professionals across a wide range of industries.
About IANS Research
For security leaders navigating complex threats and business demands, IANS Research provides expert-driven insights and practical guidance. Our network of experienced practitioners, the IANS Faculty, offers on-demand expertise and support through our research, peer community, and tailored consulting services. Learn more at www.iansresearch.com.
This News is brought to you by Qube Mark, your trusted source for the latest updates and insights in marketing technology. Stay tuned for more groundbreaking innovations in the world of technology.
