2022 Cyber Security Salary & Recruitment Trends Guide
The war for talent: current labour market trends
In 2020, the UK suffered its biggest economic slump since records began, with GDP plummeting 20.4% across the second quarter of the year due to the impact of Covid-19.
As in most downturns, businesses initially curtailed recruitment. Throughout most of 2020, employment growth declined and unemployment rose. The KPMG/REC graph below shows the steep and protracted contraction in permanent placements especially, with only a few bright spots of growth during times when some restrictions were temporarily lifted.
However, in contrast to the 2008 financial crisis, the UK labour market has rebounded quickly and sharply. By October 2021, employment had returned to pre-pandemic levels and went on to surpass them. At the time of writing, the latest ONS figures show record increases in both job-to-job moves and people transitioning from unemployment to employment.
Demand for talent has risen steadily in 2021. To gain better insight into what is driving recruitment trends, in-depth surveys with both clients and candidates were carried out across several disciplines.
The results show that candidate availability has become increasingly strained as the war for talent intensifies, with 95% of employers reporting difficulties in finding the right people.
Pay demands are the biggest stumbling block; almost two-thirds of companies said they are struggling to meet candidates’ salary expectations. But nearly six in 10 employers also believed a lack of technical skill and/or regulatory knowledge among applicants was creating recruitment challenges.
Furthermore, more employers are suggesting that candidates are not a good cultural fit for their organisation. Broader changes in how businesses operate in a post-Covid world seem to be creating other concerns, with a growing number of companies claiming remote working demands and candidate location are exacerbating talent shortages.
Against this backdrop, it’s perhaps unsurprising that candidates are upbeat about their job prospects. In fact, an overwhelming 96% admitted they are confident in how the recruitment landscape is shaping up.
Interim staff are a popular way for businesses to bridge workforce gaps in their organisation, particularly when there are widespread talent shortages.
Some 57% of employers who responded to the survey said they were currently utilising contract or temporary resources, with contract lengths typically varying between four and 12 months.
According to the data, nearly half of contractors receive day rates ranging between £600 and £800.
The primary motivation for hiring contractors has been the need for support on specific projects. Short-term cover for staff absences and access to subject matter expertise were also commonly cited reasons.
Meanwhile, increasing workloads are encouraging a sizable minority of businesses to hire contractors to maintain business as usual (BAU) operations.
However, one of the biggest factors affecting contract recruitment in recent years has been the implementation of changes to IR35 regulations, which came into force in April 2021 after a one-year delay.
The impact of IR35
There was a mixed approach to the IR35 reforms among employers. A slight majority chose to deem all contractors as ‘inside IR35’, while the remainder made determinations on a case-by-case basis.
In the lead-up to April 2020 – and for several months afterwards – there was a significant drop in the number of temporary roles registered by clients.
Across multiple disciplines, temp jobs and placements hit an all-time low in Q2 2021, although fixed-term contracts (FTCs) were initially favoured among employers who wanted to avoid IR35 issues.
But as the labour market continued to tighten throughout 2021, there was a notable rise in temp roles and placements, as well as a corresponding decline in the number of contractors willing to commit to FTC arrangements. FTCs are generally unpopular with candidates, who are often receiving the worst of both worlds – a lack of long-term job security and no pay premium for accepting this risk.
Meanwhile, organisations that require the highly specialised skills and flexibility of contractors are now turning to consultancies, which can provide the necessary resources via outcomes-based consultancy services using statements of work.
Overall, however, the IR35 changes seem to have had less of a lasting impact on contract recruitment than many anticipated. Only 13% of candidates said they had missed out on a desired contractor position because of the updated regulations, with many choosing to avoid ‘inside IR35’ roles entirely.
There has been a small but consistent rise in contractor day rates across some sectors, alongside an increased willingness among businesses to agree PAYE day rates exclusive of employers’ national insurance and other payroll charges.
That said, every industry is different, and a number of career contractors have said they are now considering permanent roles because they are unable to maintain the same level of income following changes to IR35.
Over the longer term, it is expected that both businesses and candidates will be keeping a careful eye on any legal precedents that may emerge regarding IR35 designations and the use of consultancies to provide skills through statements of work.
Attitudes to employment policies
The Covid-19 pandemic forced many companies to transform their approach to working from home.
And despite the considerable challenges of shifting entire workforces to remote working set-ups almost overnight, most organisations handled the transition with aplomb. Indeed, many people have reported they are happier working from home.
Are these changes here to stay? Only time will tell, but the research indicates there is significant support among candidates for better flexible working policies.
A huge majority (93%) said a company’s stance on remote working was a key factor when choosing a new job or deciding whether to stay with their current employer.
That is not to say employees necessarily want fully remote roles. Our conversations with candidates reveal a variety of preferences, and a hybrid 3:2 approach (three days in the office, two days at home) is usually popular.
Employers also seem keen on the hybrid approach; the majority of organisations that we surveyed have continued to allow staff to work from home two or three days a week since lockdown restrictions were lifted.
Fewer than one in ten businesses have mandated a full return to the office, and this has resulted in staff resignations in some cases.
Looking ahead, there are fears among employers that their flexible working policies could hamper their ability to attract and retain top talent. Nearly half (46%) of organisations had these concerns – a figure that is only likely to increase as competition intensifies for a limited pool of candidates.
“Companies that previously would not have considered any form of remote working are now fully engaged with the model. And those that would never usually have hired someone beyond a daily commuting distance, now do, even at the most senior executive levels,” Barclay Simpson CEO Dean Spencer said.
“Ultimately, while salaries are a key component of any employment offering, they are only part of the package and companies have had to respond to changes in the market.”
Candidate shortages are creating upward pressure on salaries across many industries in the UK. In 2021, there were record increases in starting salaries and temporary staff pay, according to the KPMG and REC monthly Report on Jobs.
October saw the fastest rise in starting remuneration since the organisations began collecting data in 1997. This record was promptly beaten the following month, with KPMG/REC also reporting the fifth sharpest decline ever in candidate availability.
This scarcity of talent is clearly evident across the sectors and disciplines that we specialise in. As previously mentioned, almost all the employers in the survey said it is either difficult or very difficult to find the right talent in today’s landscape.
Furthermore, only 10% of organisations believe candidates’ remuneration expectations are closely aligned with the salary bandings their company can provide.
It is not unusual for candidates to seek salary increases of 25% or more before they will consider moving from their current employer. And in situations where employers are unable to find the talent they want within a specific salary range, they will typically need to adjust either their budget or their expectations – or choose not to hire at all.
For roles where remote working is possible, companies are starting to offer applicants the same salary regardless of their location. Moreover, candidates are becoming increasingly unwilling to accept a lower salary in exchange for remote working opportunities, as these benefits are now considered the norm rather than the exception.
This is creating a small ‘levelling up’ effect between the north and south of the UK, which could become more pronounced if suitable candidates continue to be in short supply.
Understandably, employers are keen to retain their existing employees amid current talent shortages. Our surveys revealed they intend to increase base salaries by an average of 6% to hold on to staff. But this may not be enough when some candidates are being offered up to 35% more to switch roles.
Bonuses and Benefits
Bonuses continue to be a standard part of remuneration packages for the sectors covered in this research. Nearly all of the employers polled said they would be offering bonuses in the next 12 months.
On the whole, bonus levels have remained relatively stable when compared with previous years. The average bonus received was equal to 19% of an employee’s base salary, with employers also typically contributing 10% of an individual’s pay towards a pension.
There are some outliers, with hedge funds a notable exception. They often either significantly benefited from the volatility of markets during the early waves of the pandemic, which boosted bonuses, or were forced to make redundancies where fund performances faltered.
More broadly, a greater focus on bonuses and benefits is evident as businesses attempt to attract and retain top talent. This includes a larger proportion of employers guaranteeing bonuses for candidates who switch roles.
Offering better perks is partly to help offset salary demands, but it also reflects evolving attitudes to remote working, with a growing number of candidates seeking a greater work-life balance.
Among the candidates polled, the most commonly reported compensation and benefits are bonuses, private healthcare and flexible working. Cycle-to-work schemes and the opportunity to take time off to do charity work were also frequently offered by employers.
Benefits and Perks on Offer
Employees weigh in on current benefits packages with their current employers.
Cyber Security Salaries
These salary guide tables provide indicative base salary ranges for positions in specialist areas across locations which provide enough data to give meaningful figures. They are not comprehensive.
|Area||CISO (Global/EMEA)||Cyber Security Director||Head of IT Risk|
|London||£180,000+||£130,000 - £200,000||£130,000 - £200,000|
|South East||£180,000+||£130,000 - £200,000||£130,000 - £200,000|
|Regional||£170,000+||£120,000 - £180,000||£120,000 - £180,000|
|Contract day rate||£900 - 1,200||£800 - 900||£800 - 900|
|Area||Head of GRC (Cyber Risk)||Head of Information Security (dept. above 10+)||Head of Information Security (dept. under 10+)|
|London||£100,000 - £140,000||£150,000+||£100,000 - £160,000|
|South East||£100,000 - £140,000||£150,000+||£100,000 - £160,000|
|Regional||£90,000 - £130,000||£130,000+||£80,000 - £140,000|
|Contract day rate||£750 - 850||£800 - 900||£700 - 800|
|Area||Head of Security Architecture||Head of Security Operations||Head of Incident Response|
|London||£130,000 - £200,000||£80,000 - £120,000||£90,000 - £140,000|
|South East||£130,000 - £200,000||£80,000 - £120,000||£90,000 - £140,000|
|Regional||£110,000 - £170,000||£70,000 - £110,000||£80,000 - £120,000|
|Contract day rate||£900+||£900+||£900+|
Governance, Risk and Compliance
|Area||Business Information Security Officer||Information Security Manager (team above 5+)||Information Security Manager (team under 5+)|
|London||£90,000 - £130,000||£95,000 - £120,000||£80,000 - £95,000|
|South East||£90,000 - £130,000||£95,000 - £120,000||£80,000 - £95,000|
|Regional||£75,000 - £110,000||£80,000 - £110,000||£70,000 - £85,000|
|Contract day rate||£600 - 800||£600 - 800||£600 - 800|
Governance, Risk and Compliance continued...
|Area||Information Security Officer||IT Risk Manager||Third Party Risk Lead|
|London||£80,000 - £120,000||£85,000 - £120,000||£75,000 - £100,000|
|South East||£80,000 - £120,000||£85,000 - £120,000||£75,000 - £100,000|
|Regional||£70,000 - £110,000||£75,000 - £110,000||£65,000 - £90,000|
|Contract day rate||£600 - 800||£600 - 800||£550 - 750|
Governance, Risk and Compliance continued...
|Area||Information Security Analyst, GRC||Information Security Analyst, GRC (exp. Below 4+ years)|
|London||£60,000 - £75,000||£50,000 - £60,000|
|South East||£60,000 - £75,000||£50,000 - £60,000|
|Regional||£45,000 - £65,000||£35,000 - £50,000|
|Contract day rate||£500 - 600||£400 - 550|
Technical Security/Security Architecture & Engineering
|Area||Application Security Architect||Application Security Engineering||DevSecOps Engineer||Information Security Engineer|
|London||£100,000 - £125,000||£85,000 - £110,000||£85,000 - £110,000||£70,000 - £90,000|
|South East||£100,000 - £125,000||£85,000 - £110,000||£85,000 - £110,000||£70,000 - £90,000|
|Regional||£90,000 - £120,000||£75,000 - £100,000||£75,000 - £100,000||£65,000 - £85,000|
|Contract day rate||£700 - 900||£600 - 750||£600 - 750||£550 - 650|
Technical Security/Security Architecture & Engineering continued...
|Area||Information Security Engineer 2||Cloud Security Architect||Enterprise Security Architect|
|London||£85,000 - £100,000||£90,000 - £120,000||£100,000 - £125,000|
|South East||£85,000 - £100,000||£90,000 - £120,000||£100,000 - £125,000|
|Regional||£75,000 - £95,000||£80,000 - £110,000||£90,000 - £120,000|
|Contract day rate||£700 - 800||£650 - 850||£700 - 900|
Technical Security/Security Operations & Incident Response
|Area||Deputy Head of Security Operations||Cyber Defence Analyst||Cyber Threat Intelligence Analyst|
|London||£70,000 - £95,000||£50,000 - £65,000||£40,000 - £75,000|
|South East||£70,000 - £95,000||£50,000 - £65,000||£40,000 - £75,000|
|Regional||£65,000 - £85,000||£40,000 - £55,000||£30,000 - £60,000|
|Contract day rate||£700 - 900||£450 - 650||£550 - 650|
Technical Security/Security Operations & Incident Response continued...
|Area||Incident Response Analyst||Incident Response Manager||Security Operations Analyst|
|London||£50,000 - £60,000||£65,000 - £85,000||£45,000 - £60,000|
|South East||£50,000 - £60,000||£65,000 - £85,000||£45,000 - £60,000|
|Regional||£40,000 - £50,000||£55,000 - £75,000||£35,000 - £50,000|
|Contract day rate||£550 - 650||£600 - 800||£500 - 600|
Technical Security/Security Operations & Incident Response continued...
|Area||Security Operations Manager||Senior SOC Analyst||Senior Threat and Vulnerability Specialist|
|London||£60,000 - £85,000||£60,000 - £75,000||£65,000 - £85,000|
|South East||£60,000 - £85,000||£60,000 - £75,000||£65,000 - £85,000|
|Regional||£50,000 - £75,000||£50,000 - £65,000||£50,000 - £75,000|
|Contract day rate||£600 - 800||£500 - 650||£600 - 800|
Technical Security/Penetration Testing
|Area||Entry Level Penetration Tester||Mid Level Penetration Tester||Manager Level Penetration Tester|
|London||£25,000 - £35,000||£50,000 - £70,000||£70,000 - £100,000|
|South East||£25,000 - £35,000||£50,000 - £70,000||£70,000 - £100,000|
|Regional||£20,000 - £30,000||£45,000 - £65,000||£70,000 - £100,000|
|Contract day rate||£300 - 400||£500 - 650||£650+|
Data Protection & Privacy
|Area||Head of Data Protection||EMEA Data Protection Officer||Data Governance Manager|
|London||£80,000 - £100,000||£110,000 - £130,000||£80,000 - £100,000|
|South East||£80,000 - £100,000||£110,000 - £130,000||£80,000 - £100,000|
|Regional||£75,000 - £95,000||£100,000 - £120,000||£70,000 - £90,000|
|Contract day rate||£550 - 650||£650 - 750||£575 - 675|
Data Protection & Privacy continued...
|Area||Data Protection Analyst||Data Privacy Advisor||Data Protection Officer|
|London||£45,000 - £50,000||£60,000 - £75,000||£100,000 - £150,000|
|South East||£45,000 - £50,000||£60,000 - £75,000||£100,000 - £150,000|
|Regional||£35,000 - £45,000||£50,000 - £70,000||£90,000 - £140,000|
|Contract day rate||£300 - 400||£450 - 550||£600 - 800|
Data Protection & Privacy continued...
|Area||Senior Data Oversight Manager||Privacy Manager||Global Privacy Counsel|
|London||£80,000 - £90,000||£60,000 - £80,000||£110,000 - £140,000|
|South East||£80,000 - £90,000||£60,000 - £80,000||£110,000 - £140,000|
|Regional||£70,000 - £80,000||£50,000 - £70,000||£100,000 - £130,000|
|Contract day rate||£550 - 650||£400 - 550||£700 - 800|
Based on research published in January 2022 by Barclay Simpson, an international company in internal audit and corporate governance recruitment.