While security is a high priority for most IT organizations, the staffing of this function has remained remarkably steady over time. Strengthening security does not necessarily require expanding the number of often highly paid and in-demand professionals dedicated to maintaining data and network security.
As shown in Figure 1 from our study, IT Security Staffing Ratios, IT security staffing has remained at about the 2.0% level on average over the past five years. It declined slightly over the course of the recession to a low of 1.8% of the total IT staff in 2009, but then rebounded as high as 2.2% in 2010 before settling back to 1.9% in 2013. The fluctuations may have as much to do with changes in the composition of the IT staff as with changes in IT security staffing levels over the period, however.
We advise against using these averages as benchmarks. While averages are useful for assessing trends, we use percentiles for benchmarking purposes. Our benchmarks provide a range of values from the 25th percentile to the 75th percentile within which typical organizations fall.
In the full study, we help IT executives assess their security staffing needs by providing four benchmarks: IT security staff as a percentage of the IT staff, IT security staff as a percentage of the network support group, users per IT security staff member, and network devices per IT security staff member. We also assess the influence of organization size and sector on staffing requirements.
This Research Byte is a brief overview of our report on this subject, IT Security Staffing Ratios. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).
Do you also need staffing ratios for other IT job functions? Consider this collection of all of our staffing ratio reports, which bundles them all into a single report at a significant discount: IT Staffing Ratios–Special Report Bundle.