Skip navigation
Glenn Hegar
Texas Comptroller of Public Accounts
Glenn Hegar
Texas Comptroller of Public Accounts
Glenn Hegar
Texas Comptroller of Public Accounts

economy

CybersecurityStatewide Overview

Cybercrime — the use of computer technology or the internet to gain unauthorized access to information for exploitative or malicious purposes — poses a danger to both national and personal security. Millions of businesses and individuals every day face financial and personal risk from compromised systems.

In 2017, Texas ranked third among states in its number of cybercrime victims and second in its financial losses.1

Businesses and organizations often find it difficult to improve their information security capabilities, given an ongoing global shortage of cybersecurity professionals projected to hit 3.5 million by 2021. Nationally, relatively few colleges offer cybersecurity degree programs; existing programs often are small and evolving.

Even so, Texas has attracted a strong cybersecurity workforce and training pipeline. Texas colleges and universities, 19 of them designated as Centers for Academic Excellence (CAE) by the National Security Agency, are training thousands of computer scientists, computer engineers and other information technology (IT) workers to meet information security needs in industries across the state.2

Cybersecurity Programs and Award

The Comptroller’s office has examined educational and employment statistics for the Information Security Analyst occupation, defined by the federal Standard Occupational Classification (SOC) system as workers who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. These workers ensure appropriate security controls are in place and respond to computer security breaches and viruses.3

Exhibit 1 lists postsecondary program awards granted by Texas colleges and universities in the 2017 academic year. The National Center for Education Statistics (NCES) has identified these programs as trainers of Information Security Analysts. JobsEQ, an economic modeling software, estimates that more than 440 of 3,627 persons completing training in this area in 2017 will work in this occupation.4

Exhibit 1

Information Security Analysts Program Awards in Texas, 2017

Information Security Analysts Program Awards in Texas
Title CIP Code* Certificates and Two-Year Awards Four-Year Awards Postgraduate Awards Total Awards
Computer and Information Systems Security/Information Assurance 11.1003 285 105 94 484
Computer Science 11.0701 192 694 529 1,415
Computer Systems Networking and Telecommunications 11.0901 840 26 0 866
Cyber/Computer Forensics and Counterterrorism 43.0116 0 0 0 0
Information Technology 11.0103 110 220 0 330
Information Technology Project Management 11.1005 0 1 12 13
Network and System Administration/Administrator 11.1001 157 1 0 158
System, Networking, and LAN/WAN Management/Manager 11.1002 285 76 0 361
Total 1,869 1,123 635 3,627

Note: Awards data derived from the National Center for Education Statistics (NCES) and JobsEQ for the 2017 academic year. Any programs shown here have been identified as linked with the Information Security Analyst occupation.
* The NCES Classification of Instruction Program (CIP) tracks, assesses and reports fields of study and program completions.

Source: JobsEQ

The Comptroller’s office acknowledges that workers with cybersecurity-related duties could be classified under other SOC codes. This analysis, however, examines the Information Security Analyst occupation to focus on workers clearly performing cybersecurity-related functions as opposed to other IT-related duties. The federal Department of Homeland Security recently noted inconsistencies in the way in which employers define and use the term “cybersecurity,” which can include a wide range of job functions requiring different qualifications and skillsets. Job descriptions and titles for the same job vary from employer to employer. Some researchers and industry practitioners contend that every IT job is involved in cybersecurity to some extent.

Employment and Wages

As of 2018, 9,029 Information Security Analysts were employed in Texas (Exhibit 2). During the past five years, the state added 1,338 jobs in this occupation, and is expected to add 3,757 more during the next 10 years, for a growth rate of 41.6 percent.

Exhibit 2

Information Security Analysts Employed in Texas, 2018
Type of Employer2018
Employment
Five-Year History 10-Year Forecast
Change Percent Change Total Demand Separations* GrowthGrowth Rate
Private 8,579 1,316 18.1% 10,493 6,808 3,685 43.0%
Government 451 22 5.2% 394 322 72 16.1%
Total Covered Employment 9,029 1,338 17.4% 10,888 7,130 3,757 41.6%

Figures may not sum due to rounding.

Note: Data represents ‘Covered Employment,’ jobs covered by unemployment insurance, representing about 97 percent of all employment. Excluded workers include members of the armed forces, the self-employed and railroad workers. Growth is defined as the number of new jobs expected.
* Separations include both workers exiting the workforce for various reasons such as retirement and workers transferring into different occupations.

Source: JobsEQ

As of 2017, the average annual wage for Information Security Analysts was $95,000in Texas, nearly twice as much as the average annual wage for all occupations of $49,000 (Exhibit 3). In the same year, average entry-level wages for the occupation were about $57,000; experienced workers received average pay of $114,000.

Exhibit 3:

Average Annual Wages for Information Security Analysts in Texas, 2017

Average Annual Wage of Information Security Analysts in Texas - $95,000

Average Annual Wage of All Occupations in Texas - $49,000

  • Mean: $95,000
  • Entry Level: $57,000
  • Experienced: $114,000

Note: Occupation wages represent the average of all Covered Employment.

Source: JobsEQ

Texas’ Cybersecurity Industry

Information Security Analysts work in various industries across the state economy; the highest concentration, 28.2 percent, worked in Computer Systems Design and Related Services, as defined by the federal North American Industry Classification System (NAICS).

Although cybersecurity is currently undefined as an industry in NAICS, it has a significant impact on the state economy.5 The Comptroller’s office has used JobsEQ to create a custom industry group of existing NAICS codes closely related to the provision of cybersecurity-related products and services, and with high concentrations of Information Security Analysts. This custom industry group then was used to generate estimates related to Texas’ cybersecurity industry and its economic impact.

The Comptroller’s office estimates that firms within Texas’ cybersecurity industry generated more than $35.5 billion in gross state product (GSP) in 2017.6 It’s important to note, moreover, that Texas’ cybersecurityindustry saves other industries from incurring damages, thus protecting what is likely to be a significant portion of total GSP.

The industry employed about 130,000 Texans in 2018 (Exhibit 4). During the past five years, this industry added 38,000 jobs in Texas, and is expected to increase its job count by 46,000 or 35.4 percent during the next 10 years. Cybersecurity has a near-zero unemployment rate and an average annual wage of $110,000 across its various occupations.

Exhibit 4

Note: Data represents Covered Employment. Growth is defined as the projected number of new jobs that are expected to be created. Figures may not sum due to rounding.
* Separations include both workers exiting the workforce for various reasons such as retirement and workers transferring into different occupations.

Sources: JobsEQ and Texas Comptroller of Public Accounts

Every job added to the cybersecurity industry generates about $224,000 in sales and economic output and $124,000 in direct compensation (Exhibit 5).7

Cybersecurity firms create additional positive economic impacts as they buy supplies and services from firms in other industries (called indirect effects) and as their employees spend their wages locally (called induced effects). The creation of one job in the cybersecurity industry generates an additional job, $187,000 in sales or economic output, and $62,000 in compensation in the Texas economy.8

Exhibit 5

Estimated Annual Impact of Cybersecurity Industry Per Job, 2018

Estimated Annual Impact of Cybersecurity Industry Per Job, 2018
Impact From Direct Indirect and Induced Total Impact
Employment 1 1 2
Sales/Output $224,000 $187,000 $411,000
Compensation $124,000 $62,000 $186,000

Note: Figures may not sum due to rounding.

Sources: JobsEQ and Texas Comptroller of Public Accounts

Unfortunately, cybercriminals see Texas’ large, ever-growing population simply as a large and ever-growing pool of potential targets. The state’s colleges and universities have continued to develop nationally recognized programs that produce the highly skilled professionals needed to address these challenges while creating high-wage, high-demand jobs for Texans. During the 2017 academic year, these programs awarded more than 440 degrees for Information Security Analysts as well as thousands of degrees for workers in other IT occupations.  

Texas’ cybersecurity educational programs train workers that enter almost every industry of the state economy. But they also contribute greatly to the cybersecurity industry itself — an industry so new it has yet to be defined by NAICS. Based on the Comptroller’s analysis, the cybersecurity industry employs about 130,000 Texans and contributes a minimum of $35.5 billion in GSP. The creation of a single job in cybersecurity generates one additional job, $187,000 in sales or economic output and $62,000 in compensation for the Texas economy.


End Notes

Links are correct at the time of publication. The Comptroller's office is not responsible for external websites.

  1. Drawn from U.S. Federal Bureau of Investigation, Internet Crime Complaint Center.
  2. National Security Agency, Central Security Service, “Centers of Academic Excellence in Cyber Operations.”
  3. Job titles reported under Information Security Analysts (Standard Occupational Classification 15-1122) include Computer Security Specialist, Information Systems Security Officer, Information Security Manager, Information Security Analyst, Security Analyst, Information Systems Security Analyst, Systems Analyst, Systems Administrator, Security Specialist and Security Director.
  4. Awards flow into other occupations including Computer and Information Systems Managers (11-3021), Database Administrators (15-1141), Network and Computer Systems Administrators (15-1142), Computer Network Architects (15-1143), Computer Network Support Specialists (15-1152), Computer Occupations, All Other (15-1199), Computer and Information Research Scientists (15-1111), Computer Systems Analysts (15-1121), Software Developers, Applications (15-1132) and Software Developers, Systems Software (15-1133).
  5. The Comptroller’s office defines the cybersecurity industry as establishments or firms that primarily provide products and services designed to enhance and protect computers, networks, programs and data from unintended or unauthorized access of destruction and that sell their products and services to customers external to the immediate organization.
    It is important to note that, as with any other industry, cybersecurity employs workers from various occupations, some of whom do not perform cybersecurity or even IT-related job duties. Jobs in these various occupations are classified in the cybersecurity industry because they are in a firm whose main product or service produced is cybersecurity.
  6. The Comptroller’s office used JobsEQ, an economic modeling software, to create a custom industry group of existing North American Industry Classification System codes closely related to the provision of cybersecurity related products and services that also have the highest concentrations of Information Security Analysts (15-1179): Computer Systems Design and Related Service (5415), Management, Scientific and Technical Consulting Services (5416) and Scientific Research and Development Services (5112). Visit the U.S. Census Bureau’s NAICS index to learn more about the definitions of each NAICS code.
  7. The multiplier effect discussed in this analysis is based solely on the number of jobs added in the industry and does not differentiate effects by occupation.
  8. Based on the combined “indirect” multiplier effects on industries that supply goods and services to the industry and “induced” multiplier effects on industries that sell local goods and services, such as housing, food or entertainment, to workers in the industry and its suppliers.

Questions?

If you have any questions or concerns regarding the material on this page, please contact the Comptroller’s Data Analysis and Transparency Division.