IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

SMBs expected to suffer as cyber security salaries equalise across the UK

Smaller businesses stand to lose out on top talent as post-pandemic hybrid and remote working setups drive salaries closer to London levels

IT employers outside of London are expected to face “considerable” challenges in meeting the increasingly equalised salaries in the cyber security industry as a result of a post-pandemic rise in remote and hybrid working.

COVID-19 gave rise to widespread hybrid working conditions which are now being adopted on a more permanent basis across the industry, leading to more equal salaries in companies in and outside of the M25.

“I’ve just worked for a client based in Wales who had to compete with London salaries because their candidates were working remotely,” said one recruitment agent in an annual report into the UK’s cyber security labour market, published by the Department for Culture, Media, and Sport (DCMS).

Wales was the UK region with the steepest rise in average cyber security salaries in 2021, with a £5,300 (12%) rise compared to the previous year.

Scotland and the East of England comprised the second and third regions with the highest salary increases - 7.6 and 4.8% respectively, while the North East, South West, and East Midlands were the only three to show falls in the average cyber salary.

The overall average salary for a cyber security job rose to £60,100, a rise of £900 (1.5%) compared to 2020’s data, and the average salary is 34% higher than the average IT remuneration package.

While more equal salaries across regions in the UK are presenting challenges for smaller employers struggling to meet both the need for cyber security talent and the salary demands of the right candidates, the report suggests there are positives to the development.

The ability to work from anywhere in the country, across a broad range of different roles in cyber security, is expected to have a positive impact on workforce diversity, the DCMS report said.

There is data to show diversity is being addressed positively, with the numbers of women, ethnic minorities, disabled, and neurodiverse people working in the industry rising, but the figures still point to a male-dominated sector and this is especially true in more senior roles.

The rising salaries and employers’ willingness to facilitate remote or hybrid work contracts could be an indication of the lengths companies will go to secure the necessary cyber security talent.

Compared to 2020’s data, the DCMS said the demand for skilled cyber security practitioners has risen “significantly” with 2021’s figures showing an average of 4,400 more cyber security job listings posted every month - a 58% increase.

Related Resource

Achieving the balance

Why hybrid work is the future for modern workplaces

Whitepaper cover with image of blue layers of paperFree Download

There are around 7,500 new entrants to the cyber job market each year, the report said, but this is somewhat offset by the circa 4,600 individuals leaving the market annually. The shortfall in talent is being further supported by an industry trend of increasing acceptance of entry-level candidates, with figures up to 18% compared to 2020’s 12%.

Recruiters also said the hunt for top talent is being impeded by poorly written job specifications - a common theme according to those surveyed - and the rise in remote work leading to smaller employers unable to meet the rising salary demands.

Among the other key takeaways from the annual report was that employers are experiencing difficulty in attracting cyber security talent with complementary skills. 

Such qualities include the softer skills such as communication and leadership - the ones many reports from years gone by have suggested are missing in many IT applicants - as well as broader skills like marketing, sales, and writing for technical reports.

Recommendations for a resolution of issues

The DCMS said the recommendations outlined in last year’s report still stand since many of the key highlights from the report are repeats of previous years that have become more challenging with time.

Among the recommendations is a heightened need to communicate the importance of cyber security at the board level, promote cyber awareness across a business, and add soft skills to the Chartered Cyber Professional certification.

Job adverts need to be clearer, smaller businesses are encouraged to build relationships with local schools and universities to attract burgeoning talent, and recruiters should play a role in tackling diversity issues.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022