Security professionals are enjoying growing levels of influence inside corporate boardrooms, a new study has suggested.

According to the second annual Global Information Security Workforce Study from IDC, sponsored by International Information Systems Security Certification Consortium 2, the reason is that security is now seen as a business rather than a purely IT function.

The worldwide survey of 4305 security professionals found that 21 per cent of company CEOs were the ultimate point of responsibility for security, up from 12 per cent in the 2004 survey. Another 11 per cent of those polled in Western Europe said this responsibility lay, more generally, with the board of directors.

Seventy-seven per cent of those questioned said they expected their influence within the board of directors to increase in the coming year.

The drivers for this trend is a mixture of the increased likelihood of organised attack on IT systems, and the rising demands of legislative compliance.

The latter is starting to have a marked effect on outlook, with a majority of security professionals outside the US citing ISO 17799 as their top priority.

"Security has risen to the top of the corporate agenda as a strategic business process that affects what organizations value most: their mission, ability to execute, an accountability to shareholders," the report said.

As a result of rapid change in the profile of the sector, the number of qualified security professionals has risen globally by 9 per cent in the last year, to 1.4 million. But, still skills appear to be in heavy demand.

"Anecdotally, many providers of security services are struggling to find appropriate candidates for the vacancies within their workforces," the report stated. "Consequently, opportunity awaits those individuals looking to enter into an information security career path."

The main areas of technology investment are wireless security, intrusion prevention, identity and access management, and disaster recovery.