UK cyber-security professionals are getting well above-average salary rises, but companies are being forced to hire security staff with less experience, according to a new survey.
Te data, from recruitment firm Morgan McKinley's latest 2014 Salary Survey, shows that salaries for information-security specialists at every level of experience are rising significantly faster than average UK pay.
According to the company, salaries for professionals getting new jobs in London – not just cyber-security pros – are currently rising at around 19 percent, while average UK salaries are growing at just one percent.
Morgan McKinley IT associate director Cem Baris told SCMagazineUK.com: “There is definitely an increase in salaries and demand for cyber-security professionals.”
Baris explained: "We have seen an increase in demand for highly skilled IT professionals in almost every sub-sector. Cyber-security - with dominant program requirements being Hadoop, Python and R - big data, business intelligence and application development are all in high demand.”
He said the main reason why cyber-security professionals' salaries are rising above the average is the skills shortage: “At the supply end, there are not enough technologists with high-level skills to meet the growing demand. Added to which, recent new legislation that restricts the ability of UK companies to hire from outside the EU is adding to a squeeze on resourcing, leading to salary inflation.”
The downside, Baris said, is this has forced companies to drop their demands for experienced cyber-pros: “While two years ago, hirers were demanding skills as well as corporate experience, now we see a focus on skills irrespective of age and track record," he said.
The survey shows that the typical London salary for a senior-level data scientist is now £50,000-£62,000 a year, while a mid-level person can command £35,000-£45,000 and a junior data scientist £28,000-£32,000.
Experienced IT security analysts in London can expect to earn £38,500-£45,000, while their mid-level peers are on £33,000-£38.500 and juniors on £28,000-£33,000.
Outside Greater London, experienced IT security analysts are being paid £34,000-£38,000, mid-level people £30,000-£34,000 and juniors £24,000-£30,000.
Meanwhile, day rates for cyber-security analysts both in and outside London range from £225 for the lowest-paid juniors to £450 for the best-paid seniors.
Within these bands there is also a divide between the public and private sectors. Daniel Cuthbert, chief operating officer at SensePost told SC that government authorities, including the security services, were seen by many as not paying the rate for the skills they need, commenting, “They are offering say £23K for a good security analyst who might get up to £100k in the private sector in London. I have friends who would like to work in the security services, but they pay London mortgages and can't afford to take the pay cut.”
As well as the skills shortage, another trend producing higher demand for cyber-security and other IT skills, says Morgan McKinley, is “the vibrancy of the UK's technology start-up scene, with significant growth hubs in London, Cambridge, Oxford and Manchester”.
And more specifically, the Big Four of Deloitte, PwC, EY and KPMG have seen their consultancy businesses grow by 16 percent in the last 12 months, with the bulk of that growth in technology-related fields, the company says.
Commenting on the findings, Tim Holman, president of the ISSA-UK cyber security professionals organisation and CEO of security firm 2-sec, said cyber-security people deserve every penny they get.
He told SCMagazineUK.com via email: “It's not so much ‘demand' that's pushing up salaries, it's the accountabilities and responsibilities that come with these jobs. Being a cyber-security professional isn't easy. You need to be pretty thick-skinned and work to tight and often unexpected schedules.
“We're pretty much on the front line when it comes to defending the companies we work for, and this demands a certain type of individual.
“I do think we get pulled into projects at the last minute a lot of the time, which can often explain the salary hikes and high contract rates that are needed to get professionals ‘on-project' the next day”.
Amar Singh, CEO and founder of the Cyber Management Alliance and Give A Day, said the skills shortage is down to factors including poor educational priorities, lack of training investment and a failure to recruit women
He told SCMagazineUK.com via email: “The results are not surprising. The reality is that academia is just not keeping up with what business needs and therefore students are not coming out of university business-ready.
“In addition, companies are not investing in up-scaling their existing staff and are always looking outside rather than inside. Invest in and believe in your people. I've seen incidences where personal assistants have turned into good technologists.”
Singh added: “Another reason for the skills shortage is the industry not looking at women. The amount of women in IT and security is still really low. This goes back to companies investing in their people and education.
“They also need to invest in cyber-awareness and knowledge at the board level. You cannot expect senior management to lead a group of technologists if they don't have a core understanding of what it means to be cyber-ready.”
Baris at Morgan McKinley added: "This trend upwards of salaries for skilled IT professionals is one we believe will continue.
“Technologies are moving fast and companies are keen to ensure they take advantage of the new opportunities these offer, while there are not enough STEM (science, technology, engineering and mathematics) graduates coming into the workplace from UK universities to fulfil these opportunities. The result will be higher remuneration for those with the IT skills most in demand."