In the wake of high-profile cyberattacks, the number of IT security staff members as a percentage of the total IT staff has risen for the second year running, according to our annual IT Spending and Staffing Benchmarks study.
As shown in Figure 1 from the full report, IT Security Staffing Ratios, IT security staff members rose to 3.1% of the total IT staff at the median in 2017, up from 2.9% in 2016. Previously, the ratio was stable from 2013-2015 at 2.6%.
In the current climate, well-publicized breaches are driving spending on newer-generation IT security products. Recent ransomware attacks include a worldwide virus known as Petya that started in the Ukraine and crippled thousands of computers in June and the WannaCry ransomware virus in May. This is in addition to continuing threats from malicious insiders.
“Security remains a top priority for enterprises, which is understandable considering all the high-profile breaches in the news,” said Tom Dunlap, director of research at Irvine, Calif.-based Computer Economics. “But the nature of security threats, and the response to them, is changing. That’s why IT executives need to be careful when they fill the ranks of their security team, to make sure their personnel have the latest skills.”
In the face of these challenges, IT executives should assess their IT security staffing needs, but the question of how many IT security staff members an organization needs is a complex one. It not only varies by sector and organization size, but also by the level of commitment that business leaders make to ensuring security. A commitment from executive management is required to create a culture of security that ensures policies are enforced, procedures are followed, compliance is audited, and sufficient investments are made in personnel, training, services, and technology.
In the full report, we help IT executives analyze their security staffing needs by providing four benchmarks: IT security staff members as a percentage of the IT staff, IT security staff members as a percentage of the Network and Communications Group, applications per IT security staff member, and network devices per IT security staff member. We also assess the influence of organization size and sector on staffing requirements.
This Research Byte is a brief overview of our management advisory on this subject, IT Security Staffing Ratios. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).