UK-based cybersecurity professionals have seen their average wage increase at way above inflation over the past several years, but most are also being kept awake at night with job-related stress, according to the Chartered Institute of Information Security (CIISec).
The insights come from CIISec’s annual State of the Security Profession report for 2023/24, which is based on an online survey of 311 cybersecurity professionals.
It revealed that the average salary in the sector currently stands at £87,204, more than double the average UK wage of £34,900.
It rose from £62,144 in 2016/17, when CIISec published its first report, meaning a 7% increase over the period in real terms, once inflation has been factored in. However, the actual increase since 2016 was a whopping 29%.
Wages are also rising across the board, with almost a fifth (18%) of professionals this year earning more than £150,000, compared to just 7% in 2016.
However, these wage increases have come at a cost. Some 55% of respondents told CIISec they are kept awake at night by the stress of the job, while 39% said the same about the fear of suffering a heart attack. Over a fifth (21%) of security professionals are classed as “overworked.”
Skills shortages are likely to be exacerbating these issues. Respondents were most likely to claim that “people” (72%) cause the greatest operational challenges, compared to process (17%) and technology (11%).
A lack of diversity is compounding these skills shortages: just 19% of professionals enter the industry without a degree and women comprise only 10% of the workforce, according to the report. Only two-fifths (41%) of workers think they’ll be in the same role in two years’ time.
CIISec CEO, Amanda Finch, argued that many challenges facing the industry, like the ever-evolving threat landscape, are out of its hands. However, better recruitment and retention is very much within the grasp of employers, she added.
“If the cybersecurity industry wants to attract and keep its talent, it must diversify recruitment practices, hiring based on skills rather than experience or qualifications,” said Finch.
“Issues such as stress and career progression will also need to be addressed to help retain staff. With an ever-widening skills gap and more advanced threats driven by AI, failing to attract talent to the industry will hinder efforts to make the world a safer place, both today and in the future.”
AI for Good and Bad
Cybersecurity professionals are somewhat divided over their perception of AI, with 89% claiming it will benefit adversaries and 71% saying it will have a positive impact on network defenders.
However, despite 85% considering using the technology at work, a worryingly high share (44%) believe their organization is unaware of the risks associated with AI and doesn’t have policies in place to ensure its safe use.
“The security industry needs to build knowledge of the threats posed by AI – particularly GenAI – while it’s still in its relative infancy,” argued Finch.
“Educating people just entering the industry and those looking to start a career in cyber will be particularly vital, as they’ll be defending against AI attacks for decades to come. This will help to inform security practices and help cybersecurity professionals to educate the wider business about risk and safety.”