Giga Information Group, Cambridge, Mass., found that CSOs working for financial services firms are paid about twice as much than their counterparts in other industries such as utilities and manufacturing. The salaries of financial services CSOs who report to business executives including CFOs and COOs may be as high as $400,000 annually plus bonuses of 15 to 25 percent. CSOs in that field who report directly to the CIO are being paid between $125,000 and $270,000, Giga reports.
|Other Recent CIO Digests|
|IT Starting Salaries to Remain Flat in 2002 IT Salaries Feel Recession's Pinch Top 10 Cities To Find Certified IT Pros Certifications: Worth It or Not? IT Worker Shortage Continues Pay Not Top Concern For IT Pros|
The figures are far from being exact. Because the CSO position is so new to many companies, there is no uniformity around how there are paid, according to Steve Hunt, vice president at Giga. "The CSO is a fairly new role in corporations and agencies, but in its brief history has proven to increase operational efficiency and security effectiveness by coordinating security efforts across the organization, managing outsourcing contracts and mapping security measures to real business risks."
Giga also has some hard figures that indicate corporations are spending more than before on security - and especially on the personnel who manage security systems. While oft-cited industry statistics indicate companies spend between 2 and 8 percent of their IT budgets on security, Giga said its research finds that as much as 20 percent of a corporation's IT budget is being spent on security. Driving the trend, in part: more money being spent on senior security managers and chief security officers than in past years.
|Discuss IT Security|
Does your company employ a Chief Security Officer?
Jump to a CIN Forum thread asking what your company has done relative to IT security personnel in recent months. Click here to reach the CIN Security Forum.
Click here to register for the CIN Forum - it only takes a moment.
Click here to read about the features built into the new CIN Forum.
There's no secret that Sept. 11 has prompted companies to reassess their internal security management structures to be prepared for any type of attack. To re-evaluate their readiness, Hunt said, security managers need to know what skills and salary levels are needed for security staff, as well as how to structure a security team.
"How these teams are built depends heavily on the size and complexity of the organization, but most importantly, on the company's risk tolerance," he said.
According to Giga, companies' risk tolerance is getting lower. Hunt said: "High-profile companies or organizations associated with national infrastructure are lowering their risk tolerance measurably and increasing their security budgets similarly as a result of the current threat climate."
David Aponovich is senior editor of CIN.