More than half of the information security professionals surveyed received salary increases in 2009, and less than 5% lost their jobs.
"Security is recession-proof in times like this. The threats escalate. You have to reinvent business, you have to watch who goes out the door, you have particular concerns about data leakage, a lot of things that have to be managed differently in a downturn," said Hord Tipton, executive director of (ISC)².
Globally, 50% of security professionals expect no reductions in their IT security budgets in 2010, compared to 72% who reported their budgets had been cut last year, the survey shows.
And more than half of security professionals with hiring responsibilities plan to hire security staff in 2010. Of those, 40% worldwide and 28% in Europe the Middle East and Africa (EMEA) plan to hire three or more security professionals.
The upturn over the past year is particularly strong in the EMEA. Last year just 43% of hiring managers said they expected to hire new security staff, and 11% said they would hire three or more.
More than 50% of security professionals in the region said they expected no security job cuts in 2010. Some 20% expected layoffs, compared to 40% a year ago.
Employers said their biggest challenges were finding employees with the right security skills.
People with experience in operations security, information risk management, security management practices, telecommunications and network security, and the ISO 17799 code of practice for information security management were most in demand.
The downturn had exposed businesses to more security risks, putting them under pressure to maintain their IT spending, said Tipton.
"This is probably the first real recession we have experienced since we started our survey. The stability and recognition of need for security has withstood. Good security will remain stable and even grow in a downturn," he said.
A third of the security professionals questioned in Europe the Middle East and Africa said the economic downturn had increased security risk in their organisations. Half said employee misconduct was the most common risk. Some 18% said outside attacks from hackers was the second most common risk.
Health of UK IT security profession
• 42% of IT security professionals received a pay rise in 2009
• 6% were laid off
• 10% took a salary cut
• 42% of hiring managers plan to hire security staff in 2010.