Responsibility for IT security appears to be devolving away from the IT department, according to research to be...
published at this week's RSA Security Conference in Vienna.
A survey of 4,200 IT security professionals worldwide was conducted by IDC and security certification body ISC2.
Among European security professionals the research revealed that 25% report to the IT department, and a further 25% report to a separate information security department.
For the first time the survey has found security professionals reporting directly to the board of directors (7%), with a further 16% reporting to the executive management team. Others reported to finance, operations, risk management departments and even to independent consultants.
The research also found IT security professionals were earning between £35,000 and £60,000.
More than 33% of IT security professionals felt their influence on executive management would increase over the next 12 months, as security and compliance issues increasingly enter board agendas.
The trend is putting pressure on IT security professionals to develop business and communication skills alongside their technical expertise, said Sarah Bohne, director at ISC2.
"The information security community is starting to realise that the only way they are going to be successful and get the budgets they need is if they speak to owners using business language and business terms. There is a new level of awareness about that," she said.
The research showed that selling security to top management and dealing with internal company politics were among the most time-consuming areas of security professionals' jobs.
Despite this, ISC2 said employers were failing to give security professionals the training in softer
business and communications skills they need to liaise with colleagues.
Most security professionals in the UK are highly educated, with 41% having a masters degree or equivalent. Twenty five per cent said it was their company's policy to only employ professionally certified security staff.
Although security budgets have risen annually in Europe, most security staff predicted their budgets would remain static next year.