The International Information Systems Security Certification Consortium (ISC)2, the non-profit international leader in its 15th year of educating, qualifying and certifying information security professionals worldwide, and global industry analyst firm IDC today announced the results of the first major study of the global information security profession.
The (ISC)2 2004 Global Information Security Workforce Study was conducted by IDC on behalf of the consortium to provide comprehensive, meaningful research data for the first time about the information security profession to professionals, corporations, government agencies, (ISC)2 constituents, academia and others.
IDC analysed responses from 5,371 full-time information security professionals in 80 countries worldwide that had purchasing, hiring and/or management responsibilities, with nearly half employed by organisations with $1 billion or more in annual revenue. Highlights include:
Based on primary and secondary IDC research, IDC estimates the number of information security professionals worldwide currently to be 1.3 million, a 14.5 percent increase over 2003;
The number of professionals is expected to increase to 2.1 million by 2008 at a compounded annual growth rate of 13.7 percent from 2003. Regionally, this represents growth rates of 12% for the Americas, 11.4 % in Europe, while the Asia Pacific region is expected to grow at a faster rate of 18.3 percent during the same time period;
A higher percentage (21%) of IT security staff report to the security department in EMEA-based organizations than in any other region. Similarly, a higher percentage of EMEA respondents identified the existence and ultimate responsibility for IT security of the CSO (26%), a position that did not exist 10 years ago;
For 93% of security hiring managers, certifications are important when hiring decisions are being made. Certifications afford the employer some degree of comfort or a guarantee as to an individual’s competency/knowledge level and they can be critical in terms of legal liability or corporate due diligence.
ì(ISC)2 chartered IDC to conduct this study to offer the industry and society a clearer picture of what has become an enormously significant profession in a very short time,î said James E. Duffy, CISSP, president and CEO of (ISC)2. ìThe rate at which this profession has evolved is a testament to the increasingly complex demands placed on information security professionals and the critical role they play in the global information economy.î
According to Allan Carey, the IDC analyst who led the study, government regulations, new technologies and a dynamic threat environment are driving the growth of the profession.ìWith competing demands on industry and government to expand access to services and information, the highly trained and experienced information security professional must now be an active participant to fulfill stringent regulatory requirements and provide proactive solutions to circumvent emerging risks,î Carey said. ìOrganisations are beginning to understand that itís the people, processes, policies and technology that create effective security, not technology solutions alone.î
ìThe study shows a shift in the information security profession, indicating that business acumen is now often required along with technology proficiency,î Carey said. ìThis widening responsibility means information security professionals not only have to receive a constant refresh of the best security knowledge but also must acquire a solid understanding of business processes and risk management to be successful in their roles.î
The study was conducted via a Web-based portal in the late spring/early summer of 2004, with e-mail notifications sent to 40,000 professionals worldwide to obtain leading market indicators in the profession.
ìThis initial study provides meaningful, quantifiable context to the information security profession that was lacking in the market before,î Duffy said. ìIt serves as the baseline for what we hope will become an annual ëbarometerí of the information security profession.î
A copy of the study is available by emailing: wfstudy@isc2.org.
Information security workforce to grow 13.7% annually to 2.1 Million Worldwide by 2008
European workforce to reach nearly 680.000 by 2008 states (ISC)2/IDC survey
