In addition, 60% of organizations surveyed said that they outsource some of their information security function. On average 18% of the staffing budget is outsourced, according to the 2011 Information Security and Data Privacy Staffing Survey, which polled 190 organizations in 34 countries.
Some 53% of the respondents indicated that outside contractors performed at least some information security tasks.
Three-quarters of respondents said they have an established function devoted to information security. However, an overwhelming majority (70%) still report up through the IT function.
Half of all organizations have a designated chief security officer or similar senior manager responsible for information security, and nearly 30% of respondents had a designated chief privacy officer or similar position.
Of all the industries examined by the survey, health care experienced the largest percentage increase in infosec staffing levels in recent years, followed by manufacturing and wholesaling.
“For decades, information security specialists have been requesting ever larger budgets for their internal information security efforts, claiming that they are understaffed”, said report author Charles Wood. “In response, senior management has often responded with comments like, ‘Show me the numbers – how do you know we aren’t spending enough?’ This report provides those numbers – the numbers that allow an organization to determine how it ranks with its peers. Through a few simple calculations, readers can quickly determine whether their organization is spending too little, or perhaps too much, on information security staff”, he added.