Information Security Staffing Rises Sharply in 2011 Survey

Share Article

Updated Survey Provides Key Staffing and Budget Benchmarks for Information Security and Data Privacy Functions. Average Staffing Budgets to increase 15% for 2012.

Security Staffing Survey
Information security staffing rose 800% since 1997, driven by compliance requirements and public breaches.

Information Shield, a leading developer of information security policy and compliance content, today announced the results of the 2011 Information Security Staffing Survey. The 2011 survey had respondents from 190 different organizations with headquarters in 34 different countries.

Although the numbers vary considerably by industry, information security staff now makes up roughly one out of every 200 employees. Average staffing levels jumped 880% since the previous survey, conducted in 1997. The rapid rise in staffing was driven primarily by compliance and market pressures. This is the only survey available that allows organizations to benchmark their information security and data privacy staffing functions against their peers.

“For decades, information security specialists have been requesting ever larger budgets for their internal information security efforts, claiming that they are under-staffed,” said the author Charles Cresson Wood. “In response, senior management has often responded with comments like, “Show me the numbers – how do you know we aren’t spending enough?” This report provides those numbers - the numbers that allow an organization to determine how it ranks with its peers. Through a few simple calculations, readers can quickly determine whether their organization is spending too little, or perhaps too much, on information security staff.”

In addition to staffing ratios, quantitative reference points are also provided for a variety of other budget-related topics such as: outsourcing the information security function, percentage of the budget devoted to labor, the prevalence of the Chief Security Officer and Chief Privacy Officer titles, where information security reports within the hierarchy, and the most influential factors leading to increased budgets.

“We are pleased to work with Charles Cresson Wood on the latest version of this important survey," said David Lineman, president and CEO of Information Shield. “In this world of ever-tightening budgets and resources, it is essential that organizations have some authoritative and quantitative method to measure how they are doing. The staffing survey is a key tool and Mr. Wood has been observing the evolution of the information security function for more than 20 years.”

2011 Staffing Survey Highlights

The 2011 Information Security and Data Privacy Staffing Survey measured responses to a variety of questions concerning the staffing levels and characteristics of the information security function. The survey was designed to allow organizations to construct meaningful budget and staffing estimates based on both their industry and organization size. Among the highlights from the 2011 staffing survey:

1.    Across all industries and regions, information security staff account for roughly 0.5% of all full-time employees (FTE), up almost 880% since 1997.
2.    Information security staffing budgets are expected to rise 14% over the next year, with regulatory compliance is the largest budget influence.
3.    60% of respondent organizations outsource some of the information security function. On the average 18% of the staffing budget is outsourced, which is up from 7% in 1997.
4.    Across multiple surveys, firms involved in military, federal government, and aerospace/defense had the largest information security staff as a percentage of total workers, while Retailing/Wholesaling had the lowest.
5.    Of all the industries examined by the survey, Health Care experienced the largest percentage increase in staffing levels in recent years.
6.    Manufacturing/Wholesaling experienced the next largest percentage increase in staffing levels in recent years.
7.    74% of respondents have an established function devoted to information security. However, an overwhelming majority (70%) still report up through the IT function.
8.    50% of all organizations have a designated Chief Security Officer (CSO) or similar senior manager responsible for information security.
9.    Nearly 30% of respondents had a designated Chief Privacy Officer (CPO) or similar position.
10.    Some 53% of the respondents indicated that outside contractors performed at least some of information security tasks.

About the Staffing Survey

The 2011 Information Security Staffing Survey is the third version of a series of similar surveys spanning a twenty-four-year period. The first survey was completed in 1989, and a follow-up survey was completed in 1997 in conjunction with the Computer Security Institute (CSI). This summary focuses primarily to the results of the 2011 survey, but occasionally makes reference to the older data to highlight trends. The survey summary is available for free to anyone who registers at

The full results of the survey are available in the latest version of Information Security Roles and Responsibilities Made Easy, by Charles Cresson Wood and published by Information Shield.

About Information Shield

Information Shield provides information security policy and data privacy leading practices trusted by over 9000 customers worldwide, including Information Security Policies Made Easy. Headquartered in Houston, Texas, Information Shield’s products allow organizations to effectively build written security programs that document compliance with international regulations.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

David Lineman
Visit website