Fifty percent of Chief Information Security Officers earn an average annual base salary equivalent to that of other C-level executives, according to a recent survey by SecureWorld Insight. The survey results showed higher salaries for cybersecurity professionals than expected.
The survey, titled “2013 Salary Benchmark Report,” is the first in a new series of quarterly cybersecurity research reports by SecureWorld Insight, which is a partnership between Ponemon Institute and SecureWorld Expo.
The similarity of cybersecurity professionals’ salaries to those in other areas was found not just at the top level, but throughout organizations. While their pay is nearly the same, 43 percent of those working in cybersecurity say their position is the most difficult one.
Reporting channel was found to be the number one factor influencing salary, to the surprise of those reporting the survey results. Those reporting to the CEO have the greatest rate of compensation, as well as the greatest risk of being fired.
The most common direct report for CISOs is not the CEO, but rather the CIO, at 46 percent.
Compensation is the most common reason for security staff to leave an organization, and the lowest-paying industry sectors are “Health & Pharma,” followed by Defense. Communications companies pay their information security workers the most, followed by Financial Services companies. Pay for cybersecurity professionals associated with the Defense industry may increase if the recommendations from a recent Deltek report on federal cybersecurity contract spending are followed.
Pay tends to be higher at global organizations, and jumps for those at companies with over 75,000 employees.
Professionals with certifications average 8.7 percent higher salaries than those without, but advanced degrees boost salaries by 35 percent.
Asked to identify barriers to success, 56 percent of respondents said lack of funding, while 42 percent cited IT complexity and 41 percent cited a lack of qualified personnel. A recently announced training partnership between network security company Fortinet and Willis College shows one possible method for dealing with the latter issue.
Most businesses related to the hosting industry would fall into the “Communications” industry sector, so it is likely that they are among the minority for whom lack of funding is not a primary barrier to the success of their security teams, and they are more likely to be able to find and retain qualified employees. However, cybersecurity is more critical to cloud hosts and related service providers than to those in other sectors, with security concerns remaining one of the most commonly cited barriers to cloud adoption, and companies experiencing breaches forced to scramble to protect their customer relations.