In a market in which pay for many IT certifications is softening, two governance-related credentials are moving sharply in the opposite direction. According to Foote Partners’ latest quarterly-updated data edition of its IT Skills and Certifications Pay Index™(ITSCPI), the Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) not only resisted the erosion evident across much of the wider certification landscape — they posted cash pay premium growth in the 11% to 20% range over the last six months of 2025 while earning premiums well above the 6.5% certification average.
Why now? What is changing as we move into 2026?
1. Governance Has Shifted from Back Office to Boardroom
The first shift is structural. Governance has moved from a compliance back-office function to a board-level imperative. As our analysis of ITSCPI data reveals, employers are operating in a volatile labor market shaped by the operationalization of AI, the expansion of digital infrastructure and rising cyber risk. Technology is no longer just an enabler of productivity: it is more than ever a core source of enterprise risk and enterprise value. That reality changes what employers are willing to pay for as they reshuffle their enterprise workforces.
Organizations are no longer asking only these two fundamental questions: can we build and secure it? They are instead asking: Can we defend it to regulators? Can we quantify its risk? Can we prove controls work? And increasingly, can we govern AI responsibly?
CISA and CGEIT sit at the center of this shift. CISA answers the fundamental question: can we trust this system? CGEIT answers a broader one: is technology governed in a way that aligns with enterprise strategy and risk tolerance? Those are executive concerns, not technical ones.
When boards face regulatory scrutiny, AI oversight demands and escalating disclosure requirements, they need professionals who understand control frameworks, assurance methodologies and governance accountability.
2. Scarcity + Experience Barrier = Premium Pay
A second factor is scarcity. Our research has long shown that IT skills and certifications lose market value when supply catches up with demand. Many vendor-driven or tool-specific certifications have followed that pattern. The CISA and CGEIT differ because they are experience-based, requiring demonstrated professional backgrounds in audit, governance and enterprise oversight. That barrier protects their scarcity value in a way that mass-market certifications cannot. And we would argue that there are signs in the emerging marketplace that the demand for these two ISACA certifications has been rising faster than supply.
3. Risk Analytics and IT Governance Skills Are Surging
At the same time, the broader ecosystem of risk and governance skills is strengthening. Our ITSCPI report also highlights noncertified skills in risk analytics and assessment earning pay premium bonuses averaging the equivalent of 24% of base salary, with strong six-month growth.
Moreover, IT governance appears among the high-paying noncertified IT skills in the ITSCPI with strong recent gains in market value. Certifications tied to those domains benefit from the same upward pressure. In contrast, categories such as Data Management/Database, Applications Development, and Networking certifications are leading the recent pay erosion.
4. AI Has Increased — Not Reduced — the Value of Governance
AI is accelerating this divergence rather than narrowing it. The ITSCPI reveals the number of AI-related skills and certifications earning pay premiums from employers has expanded dramatically in less than two years, from 57 to 144.
With enterprise AI now shifting from experimentation to operational deployment, governance complexity increases. Enterprises must demonstrate oversight of training data, access controls, model risk, explainability and monitoring processes. Engineers can build AI systems but governance professionals must defend them.
This is where CISA and CGEIT gain strategic leverage. CISA-certified professionals bring audit rigor to complex digital environments. CGEIT-certified leaders bring enterprise governance discipline to transformation programs. As organizations deploy AI at scale, regulators and insurers are asking not whether systems exist, but whether controls are documented, tested and aligned with business objectives. That scrutiny increases the premium attached to governance authority.
5. Employers Are Paying for Stability in a Volatile Market
Another dynamic at play is volatility. Foote’s most recent quarterly IT Skills and Certification Pay Volatility Index shows nearly 400 of the 1,396 skills and certifications reported changed in market value in the last three months of 2025 compared to only 280 in the first three months of the year.
This level of volatility drives employers toward durable credentials associated with long-term enterprise resilience rather than short-cycle tool proficiency. CISA has shown gold standard durability for decades and the CGEIT targets senior governance leadership. Both represent stability in an unstable skills market. They are earning significantly higher average cash pay premiums than the certification population as a whole because they align directly with what organizations fear most: unmanaged risk, regulatory failure and misaligned technology strategy.
The Bottom Line
In 2026, certifications commanding the strongest pay premiums will not be those tied to the newest tools. They will be the ones tied to trust, accountability and enterprise control. That’s why we believe the CISA and CGEIT are positioned to outperform the market — and why their momentum appears structural rather than temporary.
