The number of cybersecurity professionals is projected to grow at an annual compound rate of nearly 14% from now until 2008, according to a study released this week during the Computer Security Institute (CSI) trade show in Washington, D.C.

The Information Security Workforce Study, conducted by IDC for the International Information Systems Security Certification Consortium, or (ISC)2, projects that the number of information security professionals worldwide will be 2.1 million in 2008, up from 1.3 million currently.

The study's authors predict that information security jobs will grow at an annual compound rate of 13.7% worldwide, while the number of those jobs in the Asia/Pacific region will grow 18.3% a year through 2008, compared to a 5% to 7% growth in IT jobs in general.

Those numbers indicate that the U.S. is most advanced in dealing with information security and adopting security technologies, while companies in the Asia/Pacific region are trying to catch up, said Allan Carey, an IDC analyst and author of the study.

The survey of 5,371 full-time information security professionals in 80 countries also found that 97% of respondents had moderate to very high expectations for career growth. Security professionals have also experienced growth in job prospects, career advancement, higher base salaries and salary premiums for certification at faster rates than other areas of information technology, according to the study.

Billed as the first major global study of the information security profession, the IDC survey also found that 23 percent of respondents reported to bosses outside of the information technology division, such as CEOs and CFOs. Executive management titles such as chief information security officer and chief security officer made up more than 10% of respondents, although neither position existed 10 years ago, the study's authors noted.

The study seems to show progress in getting information security issues recognized outside the IT department, said James R. Wade, a member of the (ISC)2 board of directors. "It's beginning to be recognized more broadly as an enterprise-wide area," Wade said.

Businesses seem to be heeding calls for top executives to get involved in information security, Carey added. "Security is being more ingrained within the business and within daily operations," Carey said. "It's not just a technology solution any more -- you can't just throw a firewall in ... and the problem's solved. You have to address security from a people, processes and technology standpoint in order to really have a successful security strategy in place."

The IDG News Service is a Network World affiliate.