Cybersecurity salaries stagnate, even as organisations wring hands

There's a skills shortage, there's heavy churn, you want what?

Many readers will be sick to their back teeth of hearing about an IT skills shortage, even if they do have to tackle the twin challenges of a relentless need for skilled people (“we are in one of the hottest tech markets that I’ve ever seen in terms of attracting talent”, JPMorgan’s Group CIO Lori Beer told The Stack recently) and the need to train those whose CVs don’t translate into the real-world skills required in their organisation.

A new report by recruiters Harvey Nash reveals the extent to which this remains a live issue, with cybersecurity skills still in particularly short supply. Over a third of companies are struggling to fill security positions, the survey of nearly 6,000 technology leaders reveals – with “ethical hacker”, “information security analyst”, “CISO”, and “cybersecurity consultant” highlighted as particularly sought-after roles to fill.

Yet cybersecurity salaries are largely stagnant, it suggests, with salaries for broader IT team leadership, Quality Assurance (QA) and design/UI/UX roles rising the most. (One senior penetration tester recently told The Stack that he was easily filling junior roles as a buzz continues to build around the perceived sexiness of the industry, but more senior talent was exceptionally hard to get -- and exceptionally expensive when you did hire.)

The hard number: a chunky 61% of security specialists have not seen a payrise over the past 12 months, the Harvey Nash tech salaries report shows, suggesting cybersecurity is still seen as a cost centre -- even as many organisations grapple with high churn and burnout.

Salary rises: Left/maroon: decrease; middle/gold: stay the same; right/blue: increase.

Bev White, Chief Executive, Harvey Nash Group, said: "Technology roles are hugely important and deserve to be well paid. In today’s environment where cyber threats are an ever-present, security roles in particular are critical to the success of organisations and should be properly remunerated. But despite the key role that security specialists have played in keeping businesses protected during the unprecedented challenges of the pandemic and the move to mass homeworking, this doesn’t seem to have translated into pay rises for the majority."

"Instead, organisations have chosen to reward those individuals that have led or supported their focus on developing innovative ways in which they can pivot their business and build new systems with a customer/outward focus. This has meant that roles such as Development Management/Team Leadership and Design/UX/UI have been rewarded the most. While one can see the rationale behind this, it is vital that organisations don’t score an own goal by under-rewarding their cyber teams – and then facing an exodus of talent looking for better remuneration elsewhere. There is a balance to be achieved, but the signs are that the reward strategies of many businesses have perhaps tipped too far in one direction.”

IT salaries 2021: UK edition. Credit: Harvey Nash

IT salaries 2021: Healthcare leads the way

The healthcare sector (54%) led the top five sectors for tech pay rises in the last 12 months, followed by retail/leisure (50%), NGOs (43%), tech/telcos (39%), and financial services (36%).

With IT salaries 2021 (yes, that awkward formulation is some clunky SEO bait: forgive us -- sunlight is the best disinfectant) in the UK not climbing as fast as many others, those in search of a payrise could do worse than eye Ireland or Poland. Some 57% of respondents to the survey in both countries had received a recent payrise -- just 30% of British IT workers could say the same thing.

Are cybersecurity professionals -- across what is an increasingly heterogeneous world -- underpaid? What have your hiring experiences been like? Email our editor and tell us your views.
