CISO , Cybersecurity , Governance

IT Security Employment Soars to Record High

Cybersecurity Engagement by Boards of Directors One Catalyst for Growth
IT Security Employment Soars to Record High

The number of people employed in the United States as information security analysts reached a record high in 2016, according to uncirculated employment data provided by the U.S. Labor Department's Bureau of Labor Statistics.

See Also: How to Scale Your Vendor Risk Management Program

Based on the same household survey used to determine the monthly unemployment rate, BLS reports that 89,000 individuals last year were employed in the United States as information security analysts. That's a whopping 27 percent increase from the 70,000 people in 2015 who identified themselves as information security analysts.

Information security analyst is the only one of the 535 job categories tracked by the BLS that is specific to information security. Other job classifications - especially those in the computer occupation categories such as network and computer administrators - have cybersecurity responsibilities but are not classified as such. BLS surveys began tracking the 535 occupation categories in 2011, and since then, employment among information security analysts has more than doubled from 44,000.

Information Security Analysts Employment Growth

Year Number of Employees
2011 44,000
2012 52,000
2013 48,000
2014 68,000
2015 70,000
2016 89,000
Source: U.S. Bureau of Labor Statistics

George Washington University Professor Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, characterizes the employment increase in information security analysts as "quite significant" and says several factors contributed to it. "Institutions are educating more aspiring infosec professionals, but not enough to account for this jump," she says. "Position reclassifications and relabeling, based on newly defined workforce frameworks, are an important contributor. In addition, many current IT professionals are transitioning into infosec career roles."

Compensation could be a factor in attracting more people to the profession. According to a 2015 BLS report, the mean annual salary of an information security analyst stood at $93,250 that year. Information security analysts in the 90th percentile received an annual salary of $143,770. "Students are hearing all about cybersecurity, and this is one of the few job growth areas in the country and the world," says Larry Clinton, CEO of the Internet Security Alliance, an industry trade group.

Defining the IT Security Analyst

To determine the employment number, BLS survey takers interviewing respondents ask a series of questions to identify the appropriate occupation classification to assign them. BLS defines information security analysts as individuals who plan and carry out security measures to protect an organization's computer networks and systems.

The dramatic increase in information security analysts' employment also could be attributed, in part, to boards of directors paying greater attention to the cybersecurity threat. A 2016 report from the professional services firm PricewaterhouseCoopers showed that boards have become more engaged in cybersecurity. The report revealed that 68 percent of directors at large companies surveyed by PwC last year said their boards were very engaged in overseeing and understanding the risks of cyberattacks. And 62 percent of those directors said their boards were engaged in determining spending on IT security.

That attention, says Internet Security Alliance's Clinton, means boards and CEOs have been more willing to spend money on cybersecurity over the past couple of years. A growing percentage of companies have increased IT security spending by 20 to 25 percent, he says. "That includes more hirings," Clinton says. "The problem is not on the demand side. The problem is on the supply side. We don't have enough people to fill these jobs."

And, because of the demand for IT security analysts, there's virtually no unemployment in that occupation category.


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network