We’re paid pretty well in cybersecurity – but one particular role, on average, commands six-figure remuneration…
The UK Cybersecurity Salary Survey 2022 anonymously polled 1,200 cybersecurity executives throughout November and December 2021.
The research revealed that the highest paid job roles on average are… penetration testing (£102,000) and security architecture (£93,750).
Across the cybersecurity sector, salaries are high relative to the general UK population (average wages in 2021 were £31,772 pa, according to the Office for National Statistics). This trend reflects both the highly skilled nature of the cyber sector and flush levels of industry demand.
A starting-level security architecture executive is on an average annual pay packet of £61,000, while a mid-level security architecture leader takes home £93,750 p.a. and execs with 20-plus years’ experience take home £173,000.
A beginner penetration testing executive has an annual wage of £59,000, while a mid-level penetration testing leader receives £102,000.
For comparison, a starting-level governance, risk and compliance (GRC) executive’s pay packet is on average £49,500, while a mid-level GRC leader earns £77,375 p.a. and GRC execs with 20-plus years’ experience take home £145,000.
Ken Morrice, founding managing partner at London-based recruitment company MM Search, told SC Media UK that 21 percent of the roles he has worked on in the last quarter are IT jobs.
“It’s a rise we have never seen before,” he says. “We predict that 2022 will see the requirement for qualified tech talent hit new heights.
“With digital security, data protection, and cyber security key requirements for business, the demand to secure staff that will protect a business’s digital assets is stronger than ever.”
“Simply not enough people”
Erika Lance, chief human resources officer at cybersecurity firm KnowBe4, said there are “simply not enough people in these sectors”.
“Cybersecurity specialists require a lot of training and most companies do not have programmes to develop their own cybersecurity professionals,” Lance says.
Tim Grieveson, CISO at industrial software company AVEVA, says that penetration testing and security architecture are “key roles” that are often missing in many organisations.
“These roles are essential to measuring risk, creating visibility and action plans for improvement and action,” Grieveson says. “So, more organisations are starting to see the value of moving from reactive to proactive security.”
Martin Tyley, head of UK cybersecurity at management consultants KPMG, said security architecture and penetration testing are “highly skilled and highly in demand” roles.
“For security architecture, there’s a whole set of qualifications that people need to have in that industry. It’s a really high bar to get through and be qualified to work in. They will have made a lot of investment in their own skills. At their best, they can take all the requirements that a business has and then map that into a technical world.”
Azeem Aleem, managing director, Northern Europe, at cybersecurity firm Sygnia, says that improving organisational cybersecurity is a “continuous and iterative” journey.
“Companies need security architects to guide them by becoming trusted advisors. With the recent change in working dynamics, there is a dire need to refresh UK security architecture.”
The UK Cybersecurity Salary Survey 2022 polled 1,200 infosec leaders across England, Scotland and Wales from November–December 2021. The online survey was conducted anonymously.