UK businesses are still investing in IT security
professionals and paying them competitive salaries, despite budget
cuts in the economic downturn, a survey has revealed.
Fifty-six per cent of these workers have been given a pay
increase in the past year, according to a poll of 300 members of
professional organisations including (ISC)2, ISACA, BCS and
CREST.
The high salaries reflect the fact that the information security
profession is dominated by senior roles, with £53,600 being the
average salary of those polled.
Sixty-three per cent said they earn more than £50,000, with
bonuses adding between £10,000 and 100,000 to their basic
salary.
"This shows organisations are rewarding good security people,"
said Iain Sutherland, managing director at recruitment firm
Information Security Solutions (ISS), which conducted the
survey.
Organisations realise that in financially challenging times they
cannot afford data losses or compliance issues and are investing to
attract and retain the skills they need, he said.
This is consistent with the findings of an international survey
of 2,500 (ISC)2 members about IT security budget cuts in the
economic downturn.
While 72% of information security professionals polled said
their budgets were reduced in the past six months, 43% said they
were recruiting additional security staff.
Skills in information risk management, operations security,
access control systems, and applications and systems development
security were most in demand.
"Organisations are cutting investments in technology and
infrastructure, but not in core information security skills," said
John Colley, EMEA managing director at (ISC)2.
"During economic downturns, organisations become more risk
averse and consequently pay more attention to recruiting and
retaining people who can reduce that risk," he said.
Education and professional qualifications are playing an
increasingly important role in that recruitment process, according
to the ISS salary survey, said Sutherland.
"In the past, people were appointed to senior roles in IT
security based on their past experience alone, but that appears to
be changing," he said.
The survey found that 42% of respondents have professional
qualifications and 49% have a university degree, a quarter of them
with a master's or higher.
"Most cited their non-vendor professional qualifications as
being their leading qualification," said Sutherland.
The value of professional qualifications is reflected in the
fact that (ISC)2 professional certifications in EMEA alone have
risen from around 7,000 to over 10,000 in just two years, said
Colley.
"Twenty countries in the region have over 100 members and 15 of
them over 200, which is an important milestone," he said.
According to Colley, membership of over 200 in a single country
is a "tipping point" after which the local business community can
more easily push to recruit only qualified professionals.
The UK leads the EMEA tables with 3,165 members, followed by
the Netherlands (956), Germany (712), and France (466).
As organisations become more dependent on IT, they are concerned
about their ability to withstand data losses, said Howard Schmidt,
president of the ISF and vice chair of the (ISC)2 board of
directors.
"In addition to protecting resources and brand value, security
professionals are becoming recognised for their ability to protect
revenue," he said.