The Cybersecurity and Privacy Workforce in Higher Education, 2023

Respondent Composition

In this section, we report on the general make-up of the respondents who participated in the survey. We report position level, years of experience, and areas of responsibility, in addition to demographics (race/ethnicity, gender, and age).

Respondents varied in position level and years of experience. There was diversity in our respondents when it came to position level and years of experience (see figure 1). C-level executives and staff were almost equally represented (34% and 31%, respectively), and the least represented group was managers (12%). Almost half (49%) of respondents have been in their current position for at least five years, while 42% have been in their current position for one to four years and 9% for less than one year. Respondents were much more homogeneous in gender and race/ethnicity. Most respondents were cis-male (74%) and white (89%), which is consistent with overall IT demographics in previous years. Respondents varied in age (26 to 74), with the average age being 51.

Figure 1. Respondent Demographics
Four doughnut charts of demographics. Position level: C-level (34%), directors (23%), managers (12%), and staff (31%). Years in position: less than 1 (9%), 1 to 4 (42%), 5 to 10 (29%), and more than 10 (20%). Gender: man (74%), woman (24%), genderqueer, gender nonconforming, nonbinary (1%), trans (1%). Race/ethnicity: white (84%), multi-racial/multi-ethnic (5%), Hispanic or Latino, or Spanish origin (4%), Asian (4%), Black or African American (2%), and American Indian or Alaska Native (0.3%).

Responsibilities often fall across multiple functional areas. Only 26% of respondents said that their primary responsibilities fall within a single focus area (21% primarily focus on cybersecurity issues and 5% focus on privacy issues) (see figure 2). A large majority (74%) said they focus on multiple areas, with most of these indicating that cybersecurity issues fell within their responsibilities. We asked respondents who indicated that they have responsibilities in areas other than cybersecurity and privacy to specify those areas. Some of the areas that they identified included IT services and infrastructure, compliance, network infrastructure, enterprise services, system and data management, identity and access management, and administration.

Figure 2. Primary Responsibilities
Bar chart showing percentages of respondents who selected one of several descriptions for the focus of their responsibilities: cybersecurity and privacy (37%), cybersecurity and another area (31%), primarily cybersecurity (21%), privacy and another area (6%), and primarily privacy (5%).