The survey reveals higher average salaries than expected, with the top title of CISO earning an average annual base salary equivalent to the compensation of other C-level executives for 50% of the respondents. And this trend extends beyond the C-suite to all other levels. However the report also finds that 43% of cybersecurity professionals rate their position as the most difficult one in the organization.
Surprise findings include the number one factor influencing salary: reporting channel. In fact those who report to the CEO make a significantly higher salary; however they are also at risk as the first to be fired. The data also confirms that the number one reason security staff leave an organization is compensation – and leads to the resulting conclusion that an organization’s biggest vulnerability may well be its own information security team, due to unfilled jobs and lack of funding.
Companies are heading into budgeting for 2014 facing an unprecedented threat landscape, extremely competitive environment and a limited pool of skilled cybersecurity talent. In response report offers insights for IT, security and HR executives into how to hire and retain top cybersecurity talent and build information security teams.
Compensation varies widely based on the following factors, in order of highest impact:
Steps from the CEO / reporting channel: CISO reporting to the CEO enjoy a 36% jump in average annual salary, followed by direct lines to the CFO, COO, CIO, CTO. Ironically, few actually report to the CEO and the majority (46%) report to the CIO.
Industry sector: The Communications sector leads in average annual salary, followed by Financial Services, Services and 11 other categories; Health & Pharma ranks lowest with Defense close by.
Organization headcount: The biggest jumps in technicians’ average annual salary occur in organizations with more than 75,000 employees.
Geo footprint: Organizations with a global footprint pay more than domestics.
Gender: In another surprise finding, men make only 5.5% more than women in the top security executive positions.
Professionals with certifications earn only 8.7% more than those without; however those with advanced degrees demand up to 35% higher salary.
Fifty-six percent of respondents cited lack of adequate funding as their biggest barrier to success, followed by IT complexity (42%) and lack of qualified personnel (41%). In fact only 8% report having cybersecurity teams of over 20 FTEs, with the majority operating with 6-15 FTEs.
“In past years, organizations have commissioned us to produce salary studies for their own knowledge. We are now making this comprehensive report available to all organizations through SecureWorld Insight,” says Dr. Larry Ponemon. “As the market for top quality IT security professions get more competitive, this information becomes increasingly important to assure proper staff budgets and to avoid vulnerabilities that result from unfilled roles.”