Ponemon Institute Reveals Results Of First Cybersecurity Salary Benchmarking SurveySurvey reveals higher average salaries than expected
Portland, OR -- December 11, 2013 -- SecureWorld Insight, a partnership with Ponemon Institute and SecureWorld Expo, today revealed the highlights of the "2013 Salary Benchmark Report," kicking off a new series of quarterly cybersecurity research reports. This benchmark is the first to identify compensation for eight categories of information security staff - from CISOs to directors, managers and technicians - and key influencing factors.
The survey reveals higher average salaries than expected, with the top title of Chief Information Security Officer (CISO) earning an average annual base salary equivalent to the compensation of other C-level executives for 50% of the respondents. And this trend extends beyond the C-suite to all other levels. However the report also finds that 43% of cybersecurity professionals rate their position as the most difficult one in the organization.
Surprise findings include the number one factor influencing salary: reporting channel. In fact those who report to the CEO make a significantly higher salary; however they are also at risk as the first to be fired. The data also confirms that the number one reason security staff leave an organization is compensation – and leads to the resulting conclusion that an organization's biggest vulnerability may well be its own information security team, due to unfilled jobs and lack of funding.
Companies are heading into budgeting for 2014 facing an unprecedented threat landscape, extremely competitive environment and a limited pool of skilled cybersecurity talent. In response the SecureWorld Insight benchmarking report offers insights for IT, security and HR executives into how to hire and retain top cybersecurity talent and build information security teams.
Key findings from the study include:
Compensation varies widely based on the following factors, in order of highest impact:
· Steps from the CEO / Reporting Channel: CISO reporting to the CEO enjoy a 36% jump in average annual salary, followed by direct lines to the CFO, COO, CIO, CTO. Ironically, few actually report to the CEO and the majority (46%) report to the CIO.
· Industry Sector: The Communications sector leads in average annual salary, followed by Financial Services, Services and 11 other categories; Health & Pharma ranks lowest with Defense close by.
· Organization Headcount: The biggest jumps in technicians' average annual salary occur in organizations with more than 75,000 employees.
· Geo Footprint: Organizations with a global footprint pay more than domestics.
· Gender: In another surprise finding, men make only 5.5% more than women in the top security executive positions.
Certifications matter.. but not as much as you think. Professionals with certifications earn only 8.7% more than those without; however those with advanced degrees demand up to 35% higher salary.
Lack of adequate funding is the biggest barrier to team success. Fifty-six percent of respondents cited lack of adequate funding as their biggest barrier to success, followed by IT complexity (42%) and lack of qualified personnel (41%). In fact only 8% report having cybersecurity teams of over 20 FTEs, with the majority operating with 6-15 FTEs.
The study also identifies trends related to the CISO position specifically, such as how many organizations have a CISO; how many have a formal reporting structure to the board; what metrics are used to determine the success or failure; and the seven critical career success factors.
The benchmark study was conducted to independently determine the annual salary of CISO-level executives in larger-sized companies (with 1,000 employees or more). A total of 133 companies and CISOs agreed to participate by providing confidential salary and benefits data collected with a survey instrument. In addition to their own data, respondents provided salary data for members of their IT security team.
The "2013 Salary Benchmark Report: Compensation and Role of Security Teams" report includes studies of eight categories of security staff: CISO, Director Level 1, Director Level 2, Manager Level 1, Manager Level 2, Technician, Supervisor, Staff/Admin.
"In past years, organizations have commissioned us to produce salary studies for their own knowledge. We are now making this comprehensive report available to all organizations through SecureWorld Insight," says Dr. Larry Ponemon. "As the market for top quality IT security professions get more competitive, this information becomes increasingly important to assure proper staff budgets and to avoid vulnerabilities that result from unfilled roles."
"Security teams and HR professionals need salary benchmarking information to retain key staff and make offers to new team members," added Michael O'Gara, president, SecureWorld. "We're excited to have identified this gap and provide this benchmarking to IT professionals nationwide throughout our SecureWorld network."
Resources and Links
· Watch the Preview Video: http://secureworldinsight.com/
· Purchase the Study: http://secureworldinsight.com/products/the-compensation-and-role-of-security-teams
· Interviews Available Upon Request
About SecureWorld Insight
SecureWorld Insight, Powered by Ponemon, is a partnership with Ponemon Institute and SecureWorld Expo, combining SecureWorld's nationwide reach with Ponemon Institute's highly respected research. SecureWorld Insight provides unprecedented, highly targeted, relevant benchmarking to IT professionals across the country and beyond.