Skip Links

State of the CSO in 2013 shows an improved outlook

Our exclusive research into the current condition of the CSO role reveals big progress is being made, but the outlook is far from rosy

By George V. Hulme, CSO
December 16, 2013 05:25 PM ET

CSO - On paper, in many ways, the state of the CSO appears to be improving. Budgets in many enterprises appear to be headed in the right direction: up. So is staffing. CSOs are also getting to do what they've wanted to do for a decade and are spending more time with the top executives in their organizations.

[The top 8 security threats of 2013]

Yet the question remains, are enterprises getting the results they need? That's tough to say. Attacks are becoming more sophisticated, which in turn requires more complex strategies for securing data. For instance, the most recent Verizon Data Breach Investigations Report found that financially motivated cybercrime and state-affiliated espionage campaigns comprise 95 percent of all attacks. And breaches remain undetected for weeks, months and even years.

Perhaps results like that are why 45 percent of security decision-makers questioned in CSO magazine's annual State of the CSO survey reported that their security budgets will rise this year as compared to last year. That's sharply higher than the 38 percent who reported their budgets would increase in 2012. When evaluated by enterprise size, the survey found organizations with $1 billion or more in annual revenue are the most likely to be planning spending increases--54 percent of them expect budget hikes. The likelihood of spending increases dips to 46 percent for small companies and 35 percent for midsize organizations.

The survey, conducted among 280 respondents involved in security purchasing decisions for their companies, also found that just 7 percent expect budget cuts. That's down significantly from 11 percent in 2011.

Not surprisingly, considering the number of enterprises with budgets on the rise, staffing levels are also expected to grow. Fully 34 percent of respondents expect their organizations' full-time security headcount to increase. Also, fewer expect to cut full-time security staff this year--only 8 percent compared to 14 percent last year.

Once again, it is the larger companies that are most likely to be increasing their security resources, with 42 percent planning staffing increases, compared to 37 percent of midsize and 26 percent of small organizations.

Demand for talent still outstrips supply

This demand for skilled IT security professionals continues to strain organizations' ability to attract security talent. In fact, finding and retaining skilled IT security workers was identified as among the greatest challenges for 31 percent of large companies.

[Analyze this, and that: CSOs latch on to better data tools]

Kim Jones, senior vice president and CSO of Vantiv, likens the information security personnel challenges to some of the challenges the intelligence community faced a decade ago: too much reliance on technology and signal intelligence and not enough on human intelligence and analysis. "Unfortunately, we're not getting enough people with the skills we need," Jones says.

Considering the high demand for skilled IT security talent, it's surprising to find that security profession salaries are flat. Most security decision-makers earn about $179,600, which is nearly a straight line from the $180,100 reported last year. What's less surprising is that the size of the salary depends largely on the size of the company where the security professional works. Professionals at large companies earn $235,600, on average, whereas respondents at small companies earn an average of $147,000 and those at midsize companies average $153,300.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News