Infosec 2009: Most IT security professionals earn over £50,000

UK businesses are still investing in IT security professionals and paying them competitive salaries, despite budget cuts in the economic downturn, a survey...

UK businesses are still investing in IT security professionals and paying them competitive salaries, despite budget cuts in the economic downturn, a survey has revealed.

Fifty six per cent of these workers have been given a pay increase in the past year, according to a poll of 300 members of professional organisations including (ISC)2, ISACA, BCS and CREST.

The high salaries reflect the fact that information security profession is dominated by senior roles, with £53,600 being the average salary of those polled.

Sixty three per cent said they earn more than £50,000, with bonuses adding between £10,000 and 100,000 to their basic salary.

"This shows organisations are rewarding good security people," said Iain Sutherland, managing director at recruitment firm Information Security Solutions (ISS), which conducted the survey.

Organisations realise that in financially challenging times they cannot afford data losses or compliance issues and are investing to attract and retain the skills they need, he said.

This is consistent with the findings of an international survey of 2,500 (ISC)2 members about IT security budget cuts in the economic downturn.

While 72% of information security professionals polled said their budgets were reduced in the past six months, 43% said they were recruiting additional security staff.

Skills in information risk management, operations security, access control systems, and applications and systems development security were most in demand.

"Organisations are cutting investments in technology and infrastructure, but not in core information security skills," said John Colley, EMEA managing director at (ISC)2.

"During economic downturns, organisations become more risk averse and consequently pay more attention to recruiting and retaining people who can reduce that risk," he said.

Education and professional qualifications are playing an increasingly important role in that recruitment process, according to the ISS salary survey, said Sutherland.

"In the past, people were appointed to senior roles in IT security based on their past experience alone, but that appears to be changing," he said.

The survey found that 42% of respondents have professional qualifications and 49% have a university degree, a quarter of them with a masters or higher.

"Most cited their non-vendor professional qualifications as being their leading qualification," said Sutherland.

The value of professional qualifications is reflected in the fact that (ISC)2 professional certifications in EMEA alone has risen from around 7,000 to over 10,000 in just two years, said Colley.

"Twenty countries in the region have over 100 members and 15 of them over 200, which is an important milestone," he said.

According to Colley, membership of over 200 in a single country is a "tipping point" after which the local business community can more easily push to recruit only qualified professionals.

The UK leads the EMEA tables with 3,165 members, followed by Netherlands (956), Germany (712), and France (466).

As organisations become more dependent on IT, they are concerned about their ability to withstand data losses, said Howard Schmidt, president of the ISF and vice chair of (ISC)2 board of directors.

"In addition to protecting resources and brand value, security professionals are becoming recognised for their ability to protect revenue," he said.

Read more from Infosec 2009 >>

Read more on IT jobs and recruitment