But those looking for a career in security may want to take note that private detective/investigator is expected to be one of the fastest growing of all occupations, with growth of 21 percent projected through 2020. The only other area where growth of that level is expected is in IT, where it is difficult to break out the security positions, but the positions of IT analyst and related IT Web and network positions anticipate growth of 22 percent through 2020. Among the employers expected to be hiring are government and healthcare.
With regard to the top security executive, the report finds, not surprisingly, that the worldwide recession had an impact on professional growth prospects because jobs became scarcer, and competition tougher, which also led to less leverage in salary negotiations and slower growth in compensation. “After years of aggressive salary gains, large annual raises (6 percent or more in the past) have become exceedingly rare,” notes the report. But those who do get and retain these top spots are more educated than they used to be, with 37 percent holding a master’s degree—up 300 percent since 2001. And that’s reflected in their total compensation package, which at a large company can range from $215,000 to as high as $400,000, though the industry average is a more earthbound $155,000. By contrast, the average salary for a chief information security officer is $170,000.
Management structure. The report also looks at how departments are structured, reporting lines, how organizations address enterprise risk, and related issues. For example, it notes that in the year 2000, many experts predicted that IT and physical/traditional/operational security would merge. In fact, only about 7 percent of those polled said that has happened, with another 5 percent indicating that they are working on integrating those functions. However, “more than half of organizations are using a risk council or similar advisory group to facilitate risk management,” not just between IT and operational security but among all risk-management stakeholders.
Other findings in the report aren’t just about the numbers. For example, it notes that the growing value companies place on intangible assets, such as intellectual property and brand reputation has to lead to a shift in the focus of security. “The effectiveness of corporate security today depends significantly on how well companies manage this shift from securing hard assets to protecting intangible aspects of company value,” the report says. For example, the report finds that brand protection is the number one reason CEOs care about security incidents.