Are You Fairly Compensated?
The results from this 2012 Security Barometer show an even split on the opinions of the 80+ security practitioners polled. Half of the respondents felt they were fairly compensated and half didn't. Compare this to the results from this same question asked in 2010 where only 25% felt fairly compensated.
Why We Are Not Fairly Compensated?The most common reasons given for not being fairly compensated revolves around the ability to communicate the value security brings to the organization. According to practitioners' responses, educating business executives to view security as a business function that adds value beyond meeting direct legislative or regulatory requirements is a very difficult task.
For a few organizations, cost cutting is being held responsible for low compensation. However the effect of the slow economy on compensation appears to be easing. A surprising number of respondents reported that other business functions in their organization are seeing increases in compensation while it is the security function that is being left behind. Even among this group the common theme is that the insufficient compensation is tied to the inability to communicate why security is necessary for efficient revenue generation.
Why We Are Fairly Compensated?The reasons given by those practitioners who feel they are fairly compensated were clear. This group was able to sell the security team (or their own skills) as a positive to the bottom line. Organizations that recognize the value of security in meeting their revenue goals demonstrate this in their concern for the development and well being of their security employees. Consequently, their employees end up feeling fairly compensated.
2012 Security Barometer Results:
How Can The Situation Be Improved:At all levels and functions, compensation is related to the ability to demonstrate the value being brought to the organization. The Council has spent years gathering information from current and former risk managers and about what works and what doesn't when it comes to communicating value. This knowledge has been successful in helping risk managers demonstrate value resulting in everything from position preservation during executive management shake-ups to promotions and increased awareness / funding for programs.
Here are a few take-aways from the Council regarding communicating the value the security function brings to your organization:
2010 Security Barometer Results:The latest results are an interesting contrast to what was gathered from this same question in 2010. The difference in results tends to indicate that either compensation for some is improving or that practitioners are coming to grips with slow economic growth.
Next Steps:We operate in an environment where nothing bad happening is a good thing. Unfortunately "nothing happening" is not such a good thing when it comes to executive awareness of the security function and resultant compensation.
To optimize your program and its ability to demonstrate business value seek the people who have extensive successful experience at value communication with executives and board members. Contact the Security Executive Council at firstname.lastname@example.org. There is no obligation and nothing lost in discussing your particular situation with the Council.