Cybersecurity professional salaries have increased by 6% in just one year, double the UK national average of 2.9%. The pay jump is being driven by an increasing number of global cyber threats and a shortage of cyber experts to combat them.
Demand for cybersecurity experts has grown in recent years as the world becomes increasingly connected. In response, cybercriminals, as well as politically motivated attackers, have amplified their efforts in both scope and scale.
The research, conducted by cybersecurity recruitment consultancy Acumin, comes as the National Cyber Security Centre (NCSC) published its second annual review today. The report revealed that the NCSC has dealt with more than 10 major attacks a week in the last two years.
It notes that most of these have been traced to “nation-states in some way hostile to the UK”, adding that there is “little doubt” that a major life-threatening incident will take place in the near future.
On 4 October it emerged that a Russian cyberattack unsuccessfully targeted the headquarters of the international weapons watchdog, as well as the UK’s Porton Down chemical weapons facility. Both have been investigating the Salisbury Novichok poisoning that took place in April.
“The NCSC’s Annual Review comes at a perfect time: cybersecurity is front of mind, with recent high-profile incidents at Facebook, Google+ and Reddit demonstrating both the far-reaching consequences of poor cyber hygiene and the subsequent impact a hack or breach can have on us all,” said Etienne Greeff, CTO and co-founder, SecureData.
However, as criminals increasingly turn to digital opportunities, there are not enough cybersecurity professionals to counter them.
ISACA, a non-profit information security advocacy group, predicts a global shortage of two million cybersecurity professionals by 2019.
While the UK cybersecurity workforce has grown by 163% in the past five years, bolstering numbers to 58,000 professionals, there is still concern among MPs and businesses about the cybersecurity skills gap.
Cybersecurity professional salary: Public sector fails to keep up
The public sector – whose pay was largely frozen between 2010 and 2017 – is struggling to match the private sector for pay. Instead, it’s being forced to employ contractors at expensive day rates.
“Opportunities for security professionals in the public sector should be booming, especially given the government’s commitment to the National Cyber Security Strategy and GCHQ’s recent drive to recruit 2,000 roles to deal with the threat of nation-state actors,” said Simon Hember, group business development director at Acumin.
“However, it’s no surprise that the public sector is struggling to offer the salaries and attractive packages that can be offered by private sector organisations or indeed well-funded security start-ups,” he added.
Hember recommends training public sector workers and upskilling workers from within, as well as encouraging benefits such as flexible working.
Elsewhere in the research, data protection officers have seen a salary increase of 15% in both the public and private sectors as the rollout of the General Data Protection Regulation in May puts greater emphasis on data security.
“With the pressures brought down on organisations by the GDPR, professionals with skills in compliance and process are commanding record salaries,” said Hember.
The biggest salary increase, however, was among awareness managers, who are responsible for security education and user awareness programmes. They saw a 20% increase on 2017 levels to a salary of £60,000 to £90,000.
At the lower end, the information security officer received an average pay rise of just 1.5%, closely followed by application security specialists and product directors, both with a 2% rise.