Infosec 08: Europe has fastest security job growth

Information security professionals have a rosy outlook for their sector, especially in EMEA, according to new research.

Such professionals expect stability and even growth across their part of the IT industry, the survey of 7,500 IT security workers across 100 countries by Frost & Sullivan. It was commissioned by (ISC) for this week's InfoSec conference in London.

The report said the information security workforce currently numbers some 1.66 million worldwide, and is expected to increase by some ten per cent by 2012, adding 2.7 million professionals to the sector.

Europe, the Middle East and Africa (EMEA) are set for the fastest growth, at about 13 per cent over the same period.

Such growth will mean demand for security professionals will outstrip supply, said Colley. "Salaries will go up," he said. "If you're a security professional, it's great. If you're on the other side of the equation... if you're getting people in, people are getting more and more expensive."

Average salaries for security pros in EMEA with about five years' experience earned $66,751 (£33,450). But (ISC) was eager to point out their own members averaged $94,115 (£47,050). Just a quarter of EMEA pros surveyed said they required their own staff to have certifications, however.

The average level of experience in EMEA was 8.3 years, compared to 9.5 in America. EMEA listed the highest rates of respondents with masters and doctorates, at 37 per cent and eight per cent respectively.

But as a skills shortage worsens, companies may find they need to train their own security professionals. "People are more willing to take on less experienced people, and willing to train them up," said Colley.

Half of EMEA respondents with less than a decade of experience expected to get more money to train in the next year. A major reason for training was said to be keeping up on new technologies and threats, including business continuity, disaster recovery, and privacy management.

The majority of respondents said spending on security was stable in the US and EMEA last year, while Asia-Pacific respondents saw an increase - this, despite worldwide concern about an economic downturn.

"The security department has always been saying how important it is, now business is too," said Colley.

"Information security is going through the same sort of life cycle as IT did years ago," he explained. "From a niche industry... to more and more mainstream."

Nor is training all about the technology. Some eight out of ten of respondents in EMEA said communications skills were becoming increasingly necessary, while 59 per cent said the same for business skills.

Three-quarters of those surveyed said avoiding damage to their company's reputation was a top priority, followed by protecting customer data, avoiding identity theft and ensuring legal and regulatory compliance.

According to the survey, half of all respondents (39 per cent in EMEA) said their own users were the biggest threat to their company's security. Ensuring users followed policy was the most important factor in ensuring security.

For more Infosec 2008 coverage, see IT PRO's roundup page here.

Email to a friend

Print this page