Reflecting the growing importance of security to the business, the number of security professionals reporting to executive management has increased to 33 percent, compared to 21 percent four years ago.
Eighty percent of survey respondents also rated communications skills as important or very important to the success of their role, while over two-thirds said business skills were important.
"It looks like information security is at long last being recognised by the business," said John Colley, European managing director of ISC2. "There are a lot of parallels between security and what happened in IT over the last 40 years. Security is going through that same evolution [towards being a business enabler] but in a much shorter period of time."
Experience levels are also rising in the industry, the report found, with an average of just over eight years across Europe, the Middle East and Africa. This region also had the highest number of professionals with masters and PHD qualifications.
"This is a profession where a lot is based on judgement – not just technical issues," said Colley. "The higher up the chain you go the more the qualification of preference is the MBA, which reflects the fact that firms are looking for information security leaders who are also business leaders."
Security awareness was also noted as a major factor in effective information security management. Users following security policies was found to be the most important factor in the ability of respondents to protect their organisations.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
