05:35 PM
Dark Reading

Ponemon Institute Reveals Results Of First Cybersecurity Salary Benchmarking Survey

Survey reveals higher average salaries than expected

Portland, OR -- December 11, 2013 -- SecureWorld Insight, a partnership with Ponemon Institute and SecureWorld Expo, today revealed the highlights of the "2013 Salary Benchmark Report," kicking off a new series of quarterly cybersecurity research reports. This benchmark is the first to identify compensation for eight categories of information security staff - from CISOs to directors, managers and technicians - and key influencing factors.

The survey reveals higher average salaries than expected, with the top title of Chief Information Security Officer (CISO) earning an average annual base salary equivalent to the compensation of other C-level executives for 50% of the respondents. And this trend extends beyond the C-suite to all other levels. However, the report also finds that 43% of cybersecurity professionals rate their position as the most difficult one in the organization.

Surprise findings include the number one factor influencing salary: reporting channel. In fact, those who report to the CEO make a significantly higher salary; however, they are also at risk as the first to be fired. The data also confirms that the number one reason security staff leave an organization is compensation – and leads to the resulting conclusion that an organization's biggest vulnerability may well be its own information security team, due to unfilled jobs and lack of funding.

Companies are heading into budgeting for 2014 facing an unprecedented threat landscape, an extremely competitive environment and a limited pool of skilled cybersecurity talent. In response, the SecureWorld Insight benchmarking report offers insights for IT, security and HR executives into how to hire and retain top cybersecurity talent and build information security teams.

Key findings from the study include:

Compensation varies widely based on the following factors, in order of highest impact:

· Steps from the CEO / Reporting Channel: CISOs reporting to the CEO enjoy a 36% jump in average annual salary, followed by direct lines to the CFO, COO, CIO, CTO. Ironically, few actually report to the CEO and the majority (46%) report to the CIO.

· Industry Sector: The Communications sector leads in average annual salary, followed by Financial Services, Services and 11 other categories; Health & Pharma ranks lowest with Defense close by.

· Organization Headcount: The biggest jumps in technicians' average annual salary occur in organizations with more than 75,000 employees.

· Geo Footprint: Organizations with a global footprint pay more than domestics.

· Gender: In another surprise finding, men make only 5.5% more than women in the top security executive positions.

Certifications matter... but not as much as you think. Professionals with certifications earn only 8.7% more than those without; however, those with advanced degrees demand up to 35% higher salary.

Lack of adequate funding is the biggest barrier to team success. Fifty-six percent of respondents cited lack of adequate funding as their biggest barrier to success, followed by IT complexity (42%) and lack of qualified personnel (41%). In fact, only 8% report having cybersecurity teams of over 20 FTEs, with the majority operating with 6-15 FTEs.

The study also identifies trends related to the CISO position specifically, such as how many organizations have a CISO; how many have a formal reporting structure to the board; what metrics are used to determine the success or failure; and the seven critical career success factors.

The benchmark study was conducted to independently determine the annual salary of CISO-level executives in larger-sized companies (with 1,000 employees or more). A total of 133 companies and CISOs agreed to participate by providing confidential salary and benefits data collected with a survey instrument. In addition to their own data, respondents provided salary data for members of their IT security team.

The "2013 Salary Benchmark Report: Compensation and Role of Security Teams" report includes studies of eight categories of security staff: CISO, Director Level 1, Director Level 2, Manager Level 1, Manager Level 2, Technician, Supervisor, Staff/Admin.

Supporting Quotes

"In past years, organizations have commissioned us to produce salary studies for their own knowledge. We are now making this comprehensive report available to all organizations through SecureWorld Insight," says Dr. Larry Ponemon. "As the market for top quality IT security professions get more competitive, this information becomes increasingly important to assure proper staff budgets and to avoid vulnerabilities that result from unfilled roles."

"Security teams and HR professionals need salary benchmarking information to retain key staff and make offers to new team members," added Michael O'Gara, president, SecureWorld. "We're excited to have identified this gap and provide this benchmarking to IT professionals nationwide throughout our SecureWorld network."

Resources and Links

· Watch the Preview Video:

· Purchase the Study:

· Interviews Available Upon Request

About SecureWorld Insight

SecureWorld Insight, Powered by Ponemon, is a partnership with Ponemon Institute and SecureWorld Expo, combining SecureWorld's nationwide reach with Ponemon Institute's highly respected research. SecureWorld Insight provides unprecedented, highly targeted, relevant benchmarking to IT professionals across the country and beyond.

User Rank: Apprentice
12/16/2013 | 1:00:17 PM
re: Ponemon Institute Reveals Results Of First Cybersecurity Salary Benchmarking Survey
Since when is 46% a majority?