While many IT jobs were lost or shelved during last year's global economic recession, the downturn has had more mixed effects on the IT security industry. According to a new survey, IT security professionals' salaries rose in 2009 and are looking promising for the coming year, even as overall hiring and security budgets remain tight.
The survey of 2,980 security professionals, conducted by non-profit security professional organization (ISC)2, found that nearly 53 percent of respondents received some form of salary increase in 2009. Nearly 36 percent reported an increase of up to 5 percent, while approximately 12 percent noted they had a salary increase of 5 to 10 percent. At the top end of the pay scale, nearly 6 percent of respondents reported that they received a 2009 salary increase of 10 percent or more.
It's not all rosy for IT security pros, however. Approximately 5 percent of respondents to the (ISC)2 survey reported that they had been laid off in 2009. For those that lost jobs, trying to find new positions in IT security during 2009 was also a difficult proposition.
Just over 66 percent of respondents reported that the economic downturn resulted in fewer employee hires during 2009. More specifically, 41 percent said that there was a "significant" decrease in new hires while 25.3 percent said that new hiring "decreased somewhat."
Only 12 percent of respondents said that their organizations had any amount of new hires in 2009. Surveyed IT security pros attributed the chief reason for a decline in hiring during 2009 to a drop in IT security budgets, according to 51 percent of the respondents.
The picture changes when looking at the outlook for 2010, with the majority of survey respondents (53.3 percent) noting that they were planning on hiring IT security professionals in 2010. That said the message is still somewhat mixed, however, as 47.5 percent reported that they expected no change in their information security budget for 2010.
"The results from our latest Career Impact Survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do," W. Hord Tipton, executive director for(ISC)2, said in a statement.
"Its a sign of the private and public sectors' ever-increasing dependence upon the stability and security of the online world, providing a plethora of career opportunities for knowledgeable, qualified, motivated security professionals," he said.
There is also a mixed perception about whether the recession has increased security risks faced by organizations. Of the IT security pros surveyed, 41.8 percent reported that the recession has had no effect, while 32.8 percent said it had.
In terms of the types of IT security threats seen in 2009, 37.7 percent reported that employee misconduct was the most common IT security risk, while 31.3 percent reported that hacks against infrastructure was the area of greatest activity. Other reports have shown an increase in attacks this past year, including one from Symantec, which reported that 75 percent of enterprises were hit by some form of cyber attack in 2009.