Does not really matter why, but i worked with a team that looked 400 organisations around the world (large, medium, all verticals, etc) and reviewed (using a power linkedin profile) for each one of them:
1/ how many employees they have
2/ how many have the “CISO” title
3/ how many have the “security” title
We looked at other things, but im only allowed to share this bit.
Average Sec. team: %0.5 of total workforce
Max Sec. Team: %8 of total workforce
So according to this numbers, for every 1000 employees 5 should have something to do with “Security”…
ps. none of the companies analysis is specialised in security.