CANADIAN COMPANIES REPORT FEWER IT SECURITY INCIDENTS THAN THEIR AMERICAN COUNTERPARTS, but that doesn’t mean they’re not willing to pay around $90,000 on average for the right talent, according to a recent report.
Those responsible for IT security at the director level earn an average of nearly $107,000, survey respondents said, usually within financial, IT and telecommunications firms. Many of these IT security pros are based in smaller firms of less than 1,000 employees, and at least a quarter of them are CIOs, CTOs or CISOs.
Results from the survey of 300 Canadian firms, conducted by Telus and the University of Toronto’s Rotman School of Management, were released at the 2008 InfoSecurity Canada conference.
Walid Hejazi, an associate professor at Rotman, said the survey was comparable to one done by the Computer Security Institute, a U.S. organization that focuses on threats and vulnerabilities within American firms. Although Canadian IT security execs put firewalls, antivirus and training at the top of their list of technologies and initiatives, companies here tended not to suffer the same degree of data loss or theft.
“One of the important points here, though, is that 40 percent of respondents in big firms said they didn’t know about security breaches,” Hejazi said. “There’s a lot of uncertainty.”
The study also looked at the possibility of handing off IT security chores to a third party, but the results showed poor overall support for it. At least 40 percent of the respondents said they do not outsource IT security at all, while another 17 percent said they would do so only to Canadian companies. Thirteen percent said they would only outsource to companies in countries whose laws around privacy are as stringent as Canada’s.
“We did notice that the firms who outsourced security tend to be larger, with more than 10,000 people,” said Hejazi. Those firms also tended to express overall satisfaction with their IT security, compared with non-outsourcing firms.