We’re paid pretty well in cybersecurity – but which roles command six-figure remuneration?
The UK Cybersecurity Salary Survey 2023 by Cybershark Recruitment anonymously polled 2,300 executives.
The research, conducted in partnership with SC Media UK, revealed that the highest paid jobs are in governance, risk and compliance (up to £230,000 pa), cloud security (up to £222,500), incident response (up to £155,000), and identity and access management (up to £140,000).
In terms of salary rises year-on-year from 2021 to 2022, the highest wage increases were in incident response (10.8%), identity and access management (10.3%) and governance, risk and compliance (6.6%) in 2022.
Download the full salary list here
A starting-level governance, risk and compliance (GRC) executive can expect an average annual pay packet of £37,500, while a mid-level GRC leader takes home £80,375, and execs with 20-plus years’ experience collect £195,000.
A starting incident response executive can expect average annual wages of £54,250, while a mid- incident response leader receives £96,500.
A beginner identity and access management (IAM) executive has an annual wage of £45,000, while a mid-level IAM leader receives £82,500, and execs with 20-plus years’ experience take home £130,000.
'Driven by need'
Amanda Finch, CEO of the Chartered Institute for Information Security (CISSec), commented that increased demand and salary increases are ultimately driven by need.
Finch told SC Media UK: “Over the last year, we’ve seen a marked increase in supposed nation-state activity; ransomware; and ongoing news of new regulatory frameworks such as the new UK data protection laws.
“At the same time, the financial crisis is making businesses more aware in general of the need to respond to incidents quickly, the need to protect data and systems from bad actors, and the need to avoid falling foul of regulation. In this environment, it seems quite natural that these skills will be in demand.”
Emma Leith, director of consulting, Bridewell, added the scale and number of successful attacks with direct impact on business operations are growing.
“The ability to respond to these incidents effectively (IR), protect the modern security boundary (IAM), and govern accordingly (GRC), continues to be vital,” Leith said.
“Salary increases are simply driven by demand and the need to attract these skills from a small pool of talent. This is, however, likely to level out over time,” she added.
Download the full salary list here
Dan Baker, chief delivery officer at Adarma, said ‘identity’ has become the primary control surface, underpinning high salaries in the IAM sector.
Baker added: “Understanding the identity of the user and asset is key, especially if looking to implement zero trust strategies. It stands to reason that IAM skills, and those connected to operating IAM technologies, will be in high demand.
“As IAM is a relatively new development, these skills are in short supply. In conclusion, it’s a very important hot topic and necessary to the achievement of a strategic goal, but there are aren’t many people with the skills to make it happen.”
Azeez Aleem, managing director for Sygnia Northern Europe, said the high annual salary increase for incident response workers is to be expected.
“In the last twelve months, we have seen a substantial increase in ransomware attacks. Companies have struggled to map actionable intelligence,” he said.
According to Aleem, in order to minimise breach exposure time, companies are increasingly looking to develop inhouse incident response skills.
“The demands on incident response companies to provide prompt resolution is increasing day by day. This requires enhanced skills,” he said.
Revealed: UK cybersecurity salaries by location 2023
The cyber salary gender gap is closing, slowly
Cyber workers stay in jobs for less than two years amid ‘great resignation’
Nearly all cyber job benefits reduced in 2022, says survey
Download the full UK Cybersecurity Salary Survey 2023 by Cybershark Recruitment in partnership with SC Media here
The UK Cybersecurity Salary Survey 2023 polled 2,300 cyber execs across England, Scotland and Wales from November–December 2022. The online survey was conducted anonymously.