News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | The Increasingly Unequal World of CISO Salaries: What It Means

According to a survey of 600 US-based CISOs, the salary gap between top and bottom-earning CISOs is widening, with the highest-paid executives receiving salary increases at a rate three times higher than those at the lower levels. Most CISOs earn below $400,000 or above $700,000 annually, with 52% earning less than $400,000 and 20% earning above $700,000. While CISO compensation grew 11% year-on-year, the growth rate has slowed compared to the previous year. The report also highlights that many CISOs are looking for new roles, citing compensation, job progression, and work-life balance as influencing factors.

A Splunk study reveals that most organizations still choose to pay for ransomware attacks, with over half paying more than $100,000. The study also highlights concerns about the potential for generative AI to enable more sophisticated attacks. To enhance cyber resilience, organizations are focusing on cross-functional collaboration and adopting AI for malware analysis and workflow automation. However, there is a need to reduce the number of security tools and upskill security teams to address the evolving threat landscape effectively.

According to a study by Secureworks, the time cyber attackers take to deploy ransomware after gaining initial access to a victim’s environment has dropped to 24 hours. This is a significant decrease from previous years, attributed to the improved detection of pre-ransomware activity and the rise of the ransomware-as-a-service (RaaS) model. Cybercriminals adapt to the changing defensive landscape by completing their attacks faster and resorting to less complex attacks for greater volume. The study also identified vulnerability scanning tools, stolen credentials, and phishing emails as the primary access vectors for ransomware attacks.

The total number of data breaches and leaks in 2023 has already surpassed the numbers from last year, indicating that efforts to combat cyberattacks have not been practical. The increase can be attributed to rising ransomware attacks, zero-day vulnerabilities, and supply chain cyberattacks. While the total number of compromises has increased, the number of victims in 2023 is lower than in 2022. Attacks related to vulnerabilities in the file-transfer tool MOVEit were among the most impactful breaches in the third quarter.

The 2023 Travelers Risk Index highlights that cyber risks remain a top concern for businesses of all sizes and industries. More than half of the participants believe their business will be a cyberattack victim. The most common cyber concerns include unauthorized access to financial accounts, security breaches, and employees putting information/systems at risk. Despite this, many businesses are not adequately prepared, with a significant percentage not implementing basic prevention measures such as firewall/virus protection and data backup.

Why do we care?

I want to highlight how expensive a CISO is for two reasons.  First, as they get smaller, most organizations will never be able to afford this, and second, that equals a premium service to be delivered for those who can’t.  

And in a world where attacks are up, ransoms are up, and insurance is a gap.  And we’re still not doing the basics.     Why cybersecurity?   All those reasons.   Many companies still lack basic cybersecurity measures. MSPs have a critical role to play in implementing these foundational controls as a starting point for broader security strategies.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories