The security function remains decentralized in most companies which can hinder accountability and coordination. Since September 11, 2001 more than half of companies surveyed are not considering creating a Chief Security Officer position.
Organizations address security in three distinct ways: physical, IT, and risk management. Of the three, IT security officers are best paid, followed by risk managers. Directors of physical security earn the least, and are most often mid-level managers reporting to the SVP for facilities, keeping the roots of security in corporate operations.