Giga Information Group, Cambridge, Mass., found that CSOs working for financial services firms are paid about twice as much than their counterparts in other industries such as utilities and manufacturing. The salaries of financial services CSOs who report to business executives including CFOs and COOs may be as high as $400,000 annually plus bonuses of 15% to 25%. CSOs in that field who report directly to the CIO are being paid between $125,000 and $270,000, Giga reports.
|Other Salary-Related Articles|
IT Starting Salaries to Remain Flat in 2002
The rates are far higher than telecom, utilities, manufacturing and other industries. CSOs in those fields who typically report to executives two levels below the CIO earn about $70,000 to $90,000 per year, plus a 15% bonus. CSOs in the science-business sector earn as much as $100,000, albeit with smaller bonuses of 10% to 15%, according to Giga.
The figures are far from being exact. Because the CSO position is so new to many companies, there is no uniformity around how there are paid, according to Steve Hunt, vice president at Giga. "The CSO is a fairly new role in corporations and agencies, but in its brief history has proven to increase operational efficiency and security effectiveness by coordinating security efforts across the organization, managing outsourcing contracts and mapping security measures to real business risks."
Giga also has some hard figures that indicate corporations are spending more than before on security - and especially on the personnel who manage security systems. While oft-cited industry statistics indicate companies spend between 2% and 8% of their IT budgets on security, Giga said its research finds that as much as 20% of a corporation's IT budget is being spent on security. Driving the trend, in part: more money being spent on senior security managers and chief security officers than in past years.
|Discuss IT Security|
Does your company employ a Chief Security Officer?
Jump to a CIN Forum thread asking what your company has done relative to IT security personnel in recent months. Click here to reach the CIN Security Forum.
Click here to register for the CIN Forum - it only takes a moment.
Click here to read about the features built into the new CIN Forum.
There's no secret that Sept. 11 has prompted companies to reassess their internal security management structures to be prepared for any type of attack. To re-evaluate their readiness, Hunt said, security managers need to know what skills and salary levels are needed for security staff, as well as how to structure a security team.
"How these teams are built depends heavily on the size and complexity of the organization, but most importantly, on the company's risk tolerance," he said.
According to Giga, companies' risk tolerance is getting lower. Hunt said: "High-profile companies or organizations associated with national infrastructure are lowering their risk tolerance measurably and increasing their security budgets similarly as a result of the current threat climate."