Reflecting the growing importance of security to the business, the number of security professionals reporting to executive management has increased to 33 percent, compared to 21 percent four years ago.
Eighty percent of survey respondents also rated communications skills as important or very important to the success of their role, while over two-thirds said business skills were important.
"It looks like information security is at long last being recognised by the business," said John Colley, European managing director of ISC2. "There are a lot of parallels between security and what happened in IT over the last 40 years. Security is going through that same evolution [towards being a business enabler] but in a much shorter period of time."
Experience levels are also rising in the industry, the report found, with an average of just over eight years across Europe, the Middle East and Africa. This region also had the highest number of professionals with masters and PHD qualifications.
"This is a profession where a lot is based on judgement – not just technical issues," said Colley. "The higher up the chain you go the more the qualification of preference is the MBA, which reflects the fact that firms are looking for information security leaders who are also business leaders."
Security awareness was also noted as a major factor in effective information security management. Users following security policies was found to be the most important factor in the ability of respondents to protect their organisations.