In the wake of high-profile cyberattacks in the public and private sectors, security is now a top priority for many enterprises. In recent years, our research has shown that organizations are increasing funding for security, but until this year, more funding did not mean increased staffing. However, Computer Economics’ 2016 IT Security Staffing Ratios study shows that for the first time in four years, IT staff is increasing as a percentage of the entire IT staff.
As shown in Figure 1 from the full study, IT security staff increased to 2.9% of the total IT staff at the median in 2016, after remaining relatively stable since 2013 at about 2.6%.
A new array of threats and attack vectors has been forcing IT departments to change tactics and adopt new technology to maintain proper security. It appears those new tactics are starting to require more specialized personnel with a wider skillset. We believe this trend will continue in the next few years as security skills grow in importance and IT departments gain more staff flexibility as they continue to adopt more cloud technology.
In the full study, we present data about the five-year trend in IT security staffing. In light of current trends, we help IT executives assess their security staffing needs by providing four benchmarks: IT security specialists as a percentage of the IT staff, IT security specialists as a percentage of the Network and Communications Group, applications per IT security specialist, and network devices per IT security specialist. We also assess the influence of organization size and sector on staffing requirements. The ratios are based on our annual survey of more than 200 IT organizations.
This Research Byte is a brief overview of our report on this subject, IT Security Staffing Ratios. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).