In this section, we report on the general make-up of the respondents who participated in the survey. We report position level, years of experience, and areas of responsibility, in addition to demographics (race/ethnicity, gender, and age).

Respondents varied in position level and years of experience. There was diversity in our respondents when it came to position level and years of experience (see figure 1). C-level executives and staff were almost equally represented (34% and 31%, respectively), and the least represented group was managers (12%). Almost half (49%) of respondents have been in their current position for at least five years, while 42% have been in their current position for one to four years and 9% for less than one year. Respondents were much more homogeneous in gender and race/ethnicity. Most respondents were cis-male (74%) and white (89%), which is consistent with overall IT demographics in previous years. Respondents varied in age (26 to 74), with the average age being 51.

Responsibilities often fall across multiple functional areas. Only 26% of respondents said that their primary responsibilities fall within a single focus area (21% primarily focus on cybersecurity issues and 5% focus on privacy issues) (see figure 2). A large majority (74%) said they focus on multiple areas, with most of these indicating that cybersecurity issues fell within their responsibilities. We asked respondents who indicated that they have responsibilities in areas other than cybersecurity and privacy to specify those areas. Some of the areas that they identified included IT services and infrastructure, compliance, network infrastructure, enterprise services, system and data management, identity and access management, and administration.