How much can you earn as a cybersecurity professional in the UK?

Some people are lucky. From an early age, they know exactly what they want to do in life. They have a very specific talent or passion, or are determined to follow a dream. But many, if not most, young adults and are torn between something they would like to do, and something else that is a better option when it comes to landing a job and making a living.

For anyone with a penchant for technology and in particular IT, today’s job market is wide open. Take the next step and specialise in cyber security and your future is bright. That is the gist of a recent survey published by Cybershark Recruitment.

Cybershark Recruitment is dedicated to matching employers with the best cyber security talent in the market. Their recent publication, the CYBER SECURITY UK SALARY SURVEY 2022 is a treasure trove of statistics and valuable market insights that will interest anyone considering a career in the field of cyber security, as well as organisations seeking to employ or expand their team of security professionals. The report is based on the results of a survey conducted in 2021, with the participation of 1200 people across the UK.

Here is a summary of five of the key findings of the report.

  1. Salaries vary according to the area of cybersecurity

Cybersecurity is a complex field, not limited to IT alone. In fact, the salary report breaks down the field into 16 distinct areas. For each area, the survey examined the range of entry level salaries, and their progressive increase up to the highest level of expertise, for professionals with 20+ years of experience.

starting frommax for 20+ years
Governance, Risk & Compliance£39,500£160K
Security Architecture£53K£192K
Security Engineering£51K£153K
Incident Response£40K£152K
eDiscovery & Forensics£30.5K£135K
Security Analysis£40K£141K
Network Security£35K£123K
Critical National Infrastructure£34K£149K
Threat Intelligence£39.25K£134K
Penetration Testing£49KN/A
Technology Risk & IT Audit£34.5K£128K
Identity & Access Management£35K£145K
Cyber Resilience£30K£149K
Business Continuity Management£28K£146K
Disaster Recovery Planning£28K£146K
Cloud Security:£35K£216K

Interestingly, from entry level to expert roles, salaries were mostly lower for the more business-oriented roles such as Business Continuity Management and Disaster Recovery Planning, and higher for the more technical responsibilities, such as Security Architecture, Security Engineering, Penetration Testing and Cloud Security.

  • Some regions pay higher salaries than others

This is not surprising, as it is likely to apply to salaries across the board, in all industries, to balance the differences in the cost of living across the country. The highest salaries were recorded in London and Scotland, and the lowest in Yorkshire / Humberside and the North East. However, as companies recognise the critical importance of retaining talent in this field, the disparity is not as great as it might be in other sectors.

  • London: starting from £44.75K and reaching £166.5K
  • Scotland: starting from £41K and reaching £138K
  • North East: starting from £31.25K and reaching £122K
  • Yorkshire / Humberside: starting from £30K and reaching £127.75K
  • People change jobs frequently and easily

According to the report, the average tenure for cybersecurity professionals is 2 years and 1 month. More specifically, 66% of the people surveyed had changed roles in the last 2 years, 43% within the last year. On the other end, only one in five were in the same role and the same company for the past 4 years.These numbers must be seen in combination with another interesting finding: In 32% of cases, the change from one job to another was completed within two weeks, from the time the CV was submitted to the time the offer was accepted. This leads to two conclusions: first, that demand is high for qualified cybersecurity professionals, and second, that recruiters and employers cannot waste time in choosing their preferred candidate, but must commit quickly before someone else does.

  • It’s not all about money

The report did well to analyse the reasons why people chose to change jobs – and it was not always or exclusively for more money. In fact, over 12% of survey participants had changed jobs without gaining a salary increase. What they were after was a package that offered them other benefits they deemed valuable. Among others, five benefits ranked at the top, and in the following order:

  • Contributory pension
  • Private health care
  • Performance related bonus
  • Life cover
  • Flexi working

This insight in particular will be noted and appreciated by employers as it will help them understand what prospective employees are looking for.

  • Concentrated demand

Given the increase in cyber crime, organisations across all sectors both private and public are aware of the need to secure their data in compliance with relevant regulations. The survey covered a broad range of industries from airlines and aviation to gambling and casinos. As one would expect, there was a concentration of cybersecurity talent in four key industries: Tech firms, financial services, management consulting, and banking – and the larger the firm, the greater the concentration. The data above was extracted from Cybershark Recruitment’s first annual Cyber Security salary survey for the UK. While it will be interesting to watch the trends over the coming years, it is safe to say that demand will only increase in tandem with the digital transformation that is defining our times. For full details, please refer to Cybershark Recruitment’s UK SALARY SURVEY 2022,


Subscribe to Newsletter

Enter your email address to register to our newsletter subscription delivered on regular basis! 


© Copyright ICSI, Limited
(International CyberSecurity Institute) 2023