SMBs expected to suffer as cyber security salaries equalise across the UK

Mockup of a virtual environment in which a recruiter is choosing between different candidates represented by silhouettes
(Image credit: Shutterstock)

IT employers outside of London are expected to face “considerable” challenges in meeting the increasingly equalised salaries in the cyber security industry as a result of a post-pandemic rise in remote and hybrid working.

COVID-19 gave rise to widespread hybrid working conditions which are now being adopted on a more permanent basis across the industry, leading to more equal salaries in companies in and outside of the M25.

“I’ve just worked for a client based in Wales who had to compete with London salaries because their candidates were working remotely,” said one recruitment agent in an annual report into the UK’s cyber security labour market, published by the Department for Culture, Media, and Sport (DCMS).

Wales was the UK region with the steepest rise in average cyber security salaries in 2021, with a £5,300 (12%) rise compared to the previous year.

Scotland and the East of England comprised the second and third regions with the highest salary increases - 7.6 and 4.8% respectively, while the North East, South West, and East Midlands were the only three to show falls in the average cyber salary.

The overall average salary for a cyber security job rose to £60,100, a rise of £900 (1.5%) compared to 2020’s data, and the average salary is 34% higher than the average IT remuneration package.

While more equal salaries across regions in the UK are presenting challenges for smaller employers struggling to meet both the need for cyber security talent and the salary demands of the right candidates, the report suggests there are positives to the development.

The ability to work from anywhere in the country, across a broad range of different roles in cyber security, is expected to have a positive impact on workforce diversity, the DCMS report said.

There is data to show diversity is being addressed positively, with the numbers of women, ethnic minorities, disabled, and neurodiverse people working in the industry rising, but the figures still point to a male-dominated sector and this is especially true in more senior roles.

The rising salaries and employers’ willingness to facilitate remote or hybrid work contracts could be an indication of the lengths companies will go to secure the necessary cyber security talent.

Compared to 2020’s data, the DCMS said the demand for skilled cyber security practitioners has risen “significantly” with 2021’s figures showing an average of 4,400 more cyber security job listings posted every month - a 58% increase.

RELATED RESOURCE

Achieving the balance

Why hybrid work is the future for modern workplaces

FREE DOWNLOAD

There are around 7,500 new entrants to the cyber job market each year, the report said, but this is somewhat offset by the circa 4,600 individuals leaving the market annually. The shortfall in talent is being further supported by an industry trend of increasing acceptance of entry-level candidates, with figures up to 18% compared to 2020’s 12%.

Recruiters also said the hunt for top talent is being impeded by poorly written job specifications - a common theme according to those surveyed - and the rise in remote work leading to smaller employers unable to meet the rising salary demands.

Among the other key takeaways from the annual report was that employers are experiencing difficulty in attracting cyber security talent with complementary skills.

Such qualities include the softer skills such as communication and leadership - the ones many reports from years gone by have suggested are missing in many IT applicants - as well as broader skills like marketing, sales, and writing for technical reports.

Recommendations for a resolution of issues

The DCMS said the recommendations outlined in last year’s report still stand since many of the key highlights from the report are repeats of previous years that have become more challenging with time.

Among the recommendations is a heightened need to communicate the importance of cyber security at the board level, promote cyber awareness across a business, and add soft skills to the Chartered Cyber Professional certification.

Job adverts need to be clearer, smaller businesses are encouraged to build relationships with local schools and universities to attract burgeoning talent, and recruiters should play a role in tackling diversity issues.

Connor Jones
Contributor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.