Top navigation skipped
CybersecurityStatewide Overview
Cybercrime — the use of computer technology or the internet to gain unauthorized access to information for exploitative or malicious purposes — poses a danger to both national and personal security. Millions of businesses and individuals every day face financial and personal risk from compromised systems.
In 2017, Texas ranked third among states in its number of cybercrime victims and second in its financial losses.1
Businesses and organizations often find it difficult to improve their information security capabilities, given an ongoing global shortage of cybersecurity professionals projected to hit 3.5 million by 2021. Nationally, relatively few colleges offer cybersecurity degree programs; existing programs often are small and evolving.
Even so, Texas has attracted a strong cybersecurity workforce and training pipeline. Texas colleges and universities, 19 of them designated as Centers for Academic Excellence (CAE) by the National Security Agency, are training thousands of computer scientists, computer engineers and other information technology (IT) workers to meet information security needs in industries across the state.2
Cybersecurity Programs and Award
The Comptroller’s office has examined educational and employment statistics for the Information Security Analyst occupation, defined by the federal Standard Occupational Classification (SOC) system as workers who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. These workers ensure appropriate security controls are in place and respond to computer security breaches and viruses.3
Exhibit 1 lists postsecondary program awards granted by Texas colleges and universities in the 2017 academic year. The National Center for Education Statistics (NCES) has identified these programs as trainers of Information Security Analysts. JobsEQ, an economic modeling software, estimates that more than 440 of 3,627 persons completing training in this area in 2017 will work in this occupation.4
Exhibit 1
Information Security Analysts Program Awards in Texas, 2017
| Title | CIP Code* | Certificates and Two-Year Awards | Four-Year Awards | Postgraduate Awards | Total Awards |
|---|---|---|---|---|---|
| Computer and Information Systems Security/Information Assurance | 11.1003 | 285 | 105 | 94 | 484 |
| Computer Science | 11.0701 | 192 | 694 | 529 | 1,415 |
| Computer Systems Networking and Telecommunications | 11.0901 | 840 | 26 | 0 | 866 |
| Cyber/Computer Forensics and Counterterrorism | 43.0116 | 0 | 0 | 0 | 0 |
| Information Technology | 11.0103 | 110 | 220 | 0 | 330 |
| Information Technology Project Management | 11.1005 | 0 | 1 | 12 | 13 |
| Network and System Administration/Administrator | 11.1001 | 157 | 1 | 0 | 158 |
| System, Networking, and LAN/WAN Management/Manager | 11.1002 | 285 | 76 | 0 | 361 |
| Total | 1,869 | 1,123 | 635 | 3,627 |
Note: Awards data derived from the National Center for Education Statistics (NCES) and JobsEQ for the 2017 academic year. Any programs shown here have been identified as linked with the Information Security Analyst occupation.
* The NCES Classification of Instruction Program (CIP) tracks, assesses and reports fields of study and program completions.
Source: JobsEQ
The Comptroller’s office acknowledges that workers with cybersecurity-related duties could be classified under other SOC codes. This analysis, however, examines the Information Security Analyst occupation to focus on workers clearly performing cybersecurity-related functions as opposed to other IT-related duties. The federal Department of Homeland Security recently noted inconsistencies in the way in which employers define and use the term “cybersecurity,” which can include a wide range of job functions requiring different qualifications and skillsets. Job descriptions and titles for the same job vary from employer to employer. Some researchers and industry practitioners contend that every IT job is involved in cybersecurity to some extent.
Employment and Wages
As of 2018, 9,029 Information Security Analysts were employed in Texas (Exhibit 2). During the past five years, the state added 1,338 jobs in this occupation, and is expected to add 3,757 more during the next 10 years, for a growth rate of 41.6 percent.
Exhibit 2
Information Security Analysts Employed in Texas, 2018
| Type of Employer | 2018 Employment | Five-Year History | 10-Year Forecast | ||||
|---|---|---|---|---|---|---|---|
| Change | Percent Change | Total Demand | Separations* | Growth | Growth Rate | ||
| Private | 8,579 | 1,316 | 18.1% | 10,493 | 6,808 | 3,685 | 43.0% |
| Government | 451 | 22 | 5.2% | 394 | 322 | 72 | 16.1% |
| Total Covered Employment | 9,029 | 1,338 | 17.4% | 10,888 | 7,130 | 3,757 | 41.6% |
Figures may not sum due to rounding.
Note: Data represents ‘Covered Employment,’ jobs covered by unemployment insurance, representing about 97 percent of all employment. Excluded workers include members of the armed forces, the self-employed and railroad workers. Growth is defined as the number of new jobs expected.
* Separations include both workers exiting the workforce for various reasons such as retirement and workers transferring into different occupations.
Source: JobsEQ
As of 2017, the average annual wage for Information Security Analysts was $95,000in Texas, nearly twice as much as the average annual wage for all occupations of $49,000 (Exhibit 3). In the same year, average entry-level wages for the occupation were about $57,000; experienced workers received average pay of $114,000.
Exhibit 3:
Average Annual Wages for Information Security Analysts in Texas, 2017
Average Annual Wage of Information Security Analysts in Texas - $95,000
Average Annual Wage of All Occupations in Texas - $49,000
- Mean: $95,000
- Entry Level: $57,000
- Experienced: $114,000
Note: Occupation wages represent the average of all Covered Employment.
Source: JobsEQ
Texas’ Cybersecurity Industry
Information Security Analysts work in various industries across the state economy; the highest concentration, 28.2 percent, worked in Computer Systems Design and Related Services, as defined by the federal North American Industry Classification System (NAICS).
Although cybersecurity is currently undefined as an industry in NAICS, it has a significant impact on the state economy.5 The Comptroller’s office has used JobsEQ to create a custom industry group of existing NAICS codes closely related to the provision of cybersecurity-related products and services, and with high concentrations of Information Security Analysts. This custom industry group then was used to generate estimates related to Texas’ cybersecurity industry and its economic impact.
The Comptroller’s office estimates that firms within Texas’ cybersecurity industry generated more than $35.5 billion in gross state product (GSP) in 2017.6 It’s important to note, moreover, that Texas’ cybersecurityindustry saves other industries from incurring damages, thus protecting what is likely to be a significant portion of total GSP.
The industry employed about 130,000 Texans in 2018 (Exhibit 4). During the past five years, this industry added 38,000 jobs in Texas, and is expected to increase its job count by 46,000 or 35.4 percent during the next 10 years. Cybersecurity has a near-zero unemployment rate and an average annual wage of $110,000 across its various occupations.
Exhibit 4
| 2018 Employment | Five-Year History | 10-Year Forecast | ||||
|---|---|---|---|---|---|---|
| Employment Change | Employment Percent Change | Total Demand | Separations* | Growth | Growth Rate | |
| 130,000 | 38,000 | 41.3% | N/A | N/A | 46,000 | 35.4% |
Note: Data represents Covered Employment. Growth is defined as the projected number of new jobs that are expected to be created. Figures may not sum due to rounding.
* Separations include both workers exiting the workforce for various reasons such as retirement and workers transferring into different occupations.
Sources: JobsEQ and Texas Comptroller of Public Accounts
Every job added to the cybersecurity industry generates about $224,000 in sales and economic output and $124,000 in direct compensation (Exhibit 5).7
Cybersecurity firms create additional positive economic impacts as they buy supplies and services from firms in other industries (called indirect effects) and as their employees spend their wages locally (called induced effects). The creation of one job in the cybersecurity industry generates an additional job, $187,000 in sales or economic output, and $62,000 in compensation in the Texas economy.8
Exhibit 5
Estimated Annual Impact of Cybersecurity Industry Per Job, 2018
| Impact From | Direct | Indirect and Induced | Total Impact |
|---|---|---|---|
| Employment | 1 | 1 | 2 |
| Sales/Output | $224,000 | $187,000 | $411,000 |
| Compensation | $124,000 | $62,000 | $186,000 |
Note: Figures may not sum due to rounding.
Sources: JobsEQ and Texas Comptroller of Public Accounts
Unfortunately, cybercriminals see Texas’ large, ever-growing population simply as a large and ever-growing pool of potential targets. The state’s colleges and universities have continued to develop nationally recognized programs that produce the highly skilled professionals needed to address these challenges while creating high-wage, high-demand jobs for Texans. During the 2017 academic year, these programs awarded more than 440 degrees for Information Security Analysts as well as thousands of degrees for workers in other IT occupations.
Texas’ cybersecurity educational programs train workers that enter almost every industry of the state economy. But they also contribute greatly to the cybersecurity industry itself — an industry so new it has yet to be defined by NAICS. Based on the Comptroller’s analysis, the cybersecurity industry employs about 130,000 Texans and contributes a minimum of $35.5 billion in GSP. The creation of a single job in cybersecurity generates one additional job, $187,000 in sales or economic output and $62,000 in compensation for the Texas economy.
End Notes
Links are correct at the time of publication. The Comptroller's office is not responsible for external websites.
- Drawn from U.S. Federal Bureau of Investigation, Internet Crime Complaint Center.
- National Security Agency, Central Security Service, “Centers of Academic Excellence in Cyber Operations.”
- Job titles reported under Information Security Analysts (Standard Occupational Classification 15-1122) include Computer Security Specialist, Information Systems Security Officer, Information Security Manager, Information Security Analyst, Security Analyst, Information Systems Security Analyst, Systems Analyst, Systems Administrator, Security Specialist and Security Director.
- Awards flow into other occupations including Computer and Information Systems Managers (11-3021), Database Administrators (15-1141), Network and Computer Systems Administrators (15-1142), Computer Network Architects (15-1143), Computer Network Support Specialists (15-1152), Computer Occupations, All Other (15-1199), Computer and Information Research Scientists (15-1111), Computer Systems Analysts (15-1121), Software Developers, Applications (15-1132) and Software Developers, Systems Software (15-1133).
- The Comptroller’s office defines the cybersecurity industry as establishments or firms that primarily provide products and services designed to enhance and protect computers, networks, programs and data from unintended or unauthorized access of destruction and that sell their products and services to customers external to the immediate organization.
It is important to note that, as with any other industry, cybersecurity employs workers from various occupations, some of whom do not perform cybersecurity or even IT-related job duties. Jobs in these various occupations are classified in the cybersecurity industry because they are in a firm whose main product or service produced is cybersecurity. - The Comptroller’s office used JobsEQ, an economic modeling software, to create a custom industry group of existing North American Industry Classification System codes closely related to the provision of cybersecurity related products and services that also have the highest concentrations of Information Security Analysts (15-1179): Computer Systems Design and Related Service (5415), Management, Scientific and Technical Consulting Services (5416) and Scientific Research and Development Services (5112). Visit the U.S. Census Bureau’s NAICS index to learn more about the definitions of each NAICS code.
- The multiplier effect discussed in this analysis is based solely on the number of jobs added in the industry and does not differentiate effects by occupation.
- Based on the combined “indirect” multiplier effects on industries that supply goods and services to the industry and “induced” multiplier effects on industries that sell local goods and services, such as housing, food or entertainment, to workers in the industry and its suppliers.
Questions?
If you have any questions or concerns regarding the material on this page, please contact the Comptroller’s Data Analysis and Transparency Division.