Security professionals are enjoying growing levels of influence inside corporate boardrooms, a new study has suggested.

According to the second annual Global Information Security Workforce Study from IDC, sponsored by International Information Systems Security Certification Consortium (ISC)2, the reason is that security is now seen as a business rather than a purely IT function.

The survey of 4,305 security professionals across the world found that 21 percent of company CEOs were the ultimate point of responsibility for security, up from 12 percent in the 2004 survey. Another 11 percent of those polled in Western Europe said this responsibility lay, more generally, with the board of directors.

Seventy-seven percent of those questioned said they expected their influence within the board of directors to increase in the coming year.

The drivers for this trend is a mixture of the increased likelihood of organised attack on IT systems, and the rising demands of legislative compliance.

The latter is starting to have a marked effect on outlook, with a majority of security professionals outside the US citing ISO 17799 as their top priority.

“Security has risen to the top of the corporate agenda as a strategic business process that affects what organisations value most: their mission, ability to execute, an accountability to shareholders,” the report says.

As a result of rapid change in the profile of the sector, the number of qualified security professionals has risen globally by 9 percent in the last year, to 1.4 million. But, still skills appear to be in heavy demand.

“Anecdotally, many providers of security services are struggling to find appropriate candidates for the vacancies within their workforces. Consequently, opportunity awaits those individuals looking to enter into an information security career path.”

The main areas of technology investment are wireless security, intrusion prevention, identity and access management, and disaster recovery.