SMBs expected to suffer as cyber security salaries equalise across the UK
Smaller businesses stand to lose out on top talent as post-pandemic hybrid and remote working setups drive salaries closer to London levels
IT employers outside of London are expected to face “considerable” challenges in meeting the increasingly equalised salaries in the cyber security industry as a result of a post-pandemic rise in remote and hybrid working.
COVID-19 gave rise to widespread hybrid working conditions which are now being adopted on a more permanent basis across the industry, leading to more equal salaries in companies in and outside of the M25.
“I’ve just worked for a client based in Wales who had to compete with London salaries because their candidates were working remotely,” said one recruitment agent in an annual report into the UK’s cyber security labour market, published by the Department for Culture, Media, and Sport (DCMS).
Wales was the UK region with the steepest rise in average cyber security salaries in 2021, with a £5,300 (12%) rise compared to the previous year.
Scotland and the East of England comprised the second and third regions with the highest salary increases - 7.6 and 4.8% respectively, while the North East, South West, and East Midlands were the only three to show falls in the average cyber salary.
The overall average salary for a cyber security job rose to £60,100, a rise of £900 (1.5%) compared to 2020’s data, and the average salary is 34% higher than the average IT remuneration package.
While more equal salaries across regions in the UK are presenting challenges for smaller employers struggling to meet both the need for cyber security talent and the salary demands of the right candidates, the report suggests there are positives to the development.
The ability to work from anywhere in the country, across a broad range of different roles in cyber security, is expected to have a positive impact on workforce diversity, the DCMS report said.
There is data to show diversity is being addressed positively, with the numbers of women, ethnic minorities, disabled, and neurodiverse people working in the industry rising, but the figures still point to a male-dominated sector and this is especially true in more senior roles.
The rising salaries and employers’ willingness to facilitate remote or hybrid work contracts could be an indication of the lengths companies will go to secure the necessary cyber security talent.
Compared to 2020’s data, the DCMS said the demand for skilled cyber security practitioners has risen “significantly” with 2021’s figures showing an average of 4,400 more cyber security job listings posted every month - a 58% increase.
Achieving the balance
Why hybrid work is the future for modern workplacesFree Download
There are around 7,500 new entrants to the cyber job market each year, the report said, but this is somewhat offset by the circa 4,600 individuals leaving the market annually. The shortfall in talent is being further supported by an industry trend of increasing acceptance of entry-level candidates, with figures up to 18% compared to 2020’s 12%.
Recruiters also said the hunt for top talent is being impeded by poorly written job specifications - a common theme according to those surveyed - and the rise in remote work leading to smaller employers unable to meet the rising salary demands.
Among the other key takeaways from the annual report was that employers are experiencing difficulty in attracting cyber security talent with complementary skills.
Such qualities include the softer skills such as communication and leadership - the ones many reports from years gone by have suggested are missing in many IT applicants - as well as broader skills like marketing, sales, and writing for technical reports.
Recommendations for a resolution of issues
The DCMS said the recommendations outlined in last year’s report still stand since many of the key highlights from the report are repeats of previous years that have become more challenging with time.
Among the recommendations is a heightened need to communicate the importance of cyber security at the board level, promote cyber awareness across a business, and add soft skills to the Chartered Cyber Professional certification.
Job adverts need to be clearer, smaller businesses are encouraged to build relationships with local schools and universities to attract burgeoning talent, and recruiters should play a role in tackling diversity issues.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download