CISOs in Southeast Asia: Salary expectations and job description

What are the responsibilities and salary of Chief Information Security Officers?

Charlotte Trueman Feb 01st 2019 A-A+

What is a CISO?

Unsurprisingly, security is now the leading priority for CIOs across the globe. Last year, Gartner asked 3000 Chief Information Officers what their priorities where going forward and 88 percent listed the implementation of cybersecurity as their number one.

Southeast Asia is no different. One month into 2019 and the region has already experienced two large scale data breaches; Singapore had sensitive healthcare data compromised for the second time in a six-month period.

Consequently, the ASEAN countries are starting to take steps to combat the threat of cyberattacks, holding an International Cyber Week in 2018 where the member states agreed to strengthen cyber coordination and capacity-building efforts for a more effective defence against cyber threats.

But is it enough? According to Ponemon Institute’s 2017 Cost of Data Breach Study, in 2017 the average cost of a data breach across the ASEAN region was $2.29 million. As a result, organisations are starting to rethink their internal security practices and take steps to mitigate any future risk. For many, that means hiring a dedicated Chief Information Security Officer.

The same report by the Ponemon Institute found that appointing a CISO could reduce the cost of said breach by about $5 per stolen record. While handing over your internal cybersecurity strategy to a dedicated member of the C-suite team won’t guarantee you’ll never experience a security incident again, it will go a long to ensuring your security strategy is comprehensive.

Much like the threat landscape, the role of the CISO has also evolved over recent years. Many of those in possession of the job title now find themselves increasingly in charge of deploying security hardware, setting, reinforcing and updating a company-wide security strategy and auditing and monitoring current systems, alongside setting a company-wide, business-focused security strategy.

Previously on CIO Asia, we’ve covered the role of the CISO in depth, looking at the responsibilities of the job, the benefits one can bring to the organisation and if hiring one would make business sense to your company.

Below is a salary guide for CISOs in Southeast Asia, outlining the average wage of a Chief Information Officer in several ASEAN countries.

Salary guide

The salary of a CISO varies from country to country across the ASEAN region and can change depending on industry, company size and years of experience. Below is a guide to the average per annum earnings of CISOs in 7 countries where data was available.

  • Indonesia: 510 million – 644 million IDR (USD 36,100 – 45,533)

  • Vietnam: 168 million – 337 million VND (USD 72,000 – 144,000) [Figures relate to CTO job title]

  • Singapore: 180,000 – 350,000 SGD (USD 133,136 – 258,857)

  • Thailand: 3 million – 4.8 million THB (USD 95,655 – 153,048) [Figures relate to CTO job title]

  • Malaysia: 167,000– 243,000 MYR (USD 40,666 – 59,173)

  • Philippines: 1.2 million – 2 million PHP (USD 22,951 – 38,251)

  • Cambodia: 51 million – 215 million KHR (USD 12,440 – 52,861) [Figures relate to C-Level Executive job title]