Information Shield, a leading developer of information security policy and compliance content, recently announced the results of the 2011 Information Security Staffing Survey. The 2011 survey had respondents from 190 different organizations with headquarters in 34 different countries.
Although the numbers vary considerably by industry, information security staff now makes up roughly one out of every 200 employees. Average staffing levels jumped 880 percent since the previous survey, conducted in 1997. The rapid rise in staffing was driven primarily by compliance and market pressures.
The 2011 Information Security and Data Privacy Staffing Survey measured responses to a variety of questions concerning the staffing levels and characteristics of the information security function. The survey was designed to allow organizations to construct meaningful budget and staffing estimates based on both their industry and organization size.
Click through for highlights from an IT security staffing survey, conducted by Information Shield.
Across all industries and regions, information security staff account for roughly 0.5 percent of all full-time employees (FTE), up almost 880 percent since 1997.
Information security staffing budgets are expected to rise 14 percent over the next year, with regulatory compliance as the largest budget influence.
Sixty percent of respondent organizations outsource some of the information security function. On the average 18 percent of the staffing budget is outsourced, which is up from seven percent in 1997.
Across multiple surveys, firms involved in military, federal government and aerospace/defense had the largest information security staff as a percentage of total workers, while retailing/wholesaling had the lowest.
Of all the industries examined by the survey, health care experienced the largest percentage increase in staffing levels in recent years.
Manufacturing/wholesaling experienced the next largest percentage increase in staffing levels in recent years.
Seventy-four percent of respondents have an established function devoted to information security. However, an overwhelming majority (70 percent) still report up through the IT function.
Fifty percent of all organizations have a designated Chief Security Officer (CSO) or similar senior manager responsible for information security.
Nearly 30 percent of respondents had a designated Chief Privacy Officer (CPO) or similar position.
Some 53 percent of the respondents indicated that outside contractors performed at least some of information security tasks.
