Recruitment Market Update 2024 – Cyber Security & Data Privacy
Welcome to Barclay Simpson’s Market Update, which provides an overview of current recruitment trends and insights from the cyber security and data privacy markets in 2024.
Market Overview
The cyber security and data privacy recruitment market continues to be subdued, with an uncertain economic and political environment dampening hiring intentions across many of the disciplines that we cover. Nevertheless, there is currently significant pent-up demand among both employers and candidates, which we expect to materialise later this year once the business climate stabilises and confidence returns.
Indeed, a brief uptick in recruitment activity occurred in the first quarter of 2024, and this was expected to continue into the second quarter when the ONS revealed in May that the UK had quickly bounced back from recession at the end of last year.
Any hopes of a sustained revival were sadly dashed once the General Election was called, with many organisations understandably reluctant to hire until the dust had settled and the political landscape became clearer. The dissolution of Parliament due to the election also halted the progress of any proposed legislation that was on the parliamentary agenda, including the Data Protection and Data Information (DPDI) Bill.
Overall, however, hiring is poised to rebound strongly in the coming months. With inflation easing, recent interest rate cuts, and the possibility of less political upheaval after the election, there are several reasons to be optimistic. We are also seeing an abundance of skilled talent eager to make a change, and many employers are champing at the bit to fill much-needed skills gaps in their cyber security and data privacy teams once budgetary restraints are loosened.
Cyber Security Activity Index
Source: Barclay Simpson – in-house recruitment activity data indicating the pace of the market.
Supply of cyber security jobs (chart by month, January to December)
Source: Job adverts UK company careers pages
Key trends in cyber security recruitment
High demand for operational resilience
The Digital Operational Resilience Act (DORA) will come into effect on 16 January 2025. Many organisations still do not have the right skills and expertise in place to navigate this new legislation, so hiring demand within the space has far outpaced any other area of cyber security jobs this year.
Employers are therefore finding it challenging to fill these vacancies. As all companies face the same deadline, there is widespread demand for candidates with experience of DORA, but as it is a new regulation, this skill set is hard to find. Clients have to fight over the few candidates with experience, and the problem has been exacerbated because candidates working on DORA projects are reluctant to change jobs in the middle of a project. As such, companies are having to look at operational resilience candidates instead and decide if they have enough time to train them on DORA before the deadline.
FTCs on the rise
While the interim jobs market often does well during periods when the permanent market stutters, this is not the case at the moment. Demand for contractors has substantially decreased, and we are instead seeing an increase in fixed-term contracts (FTCs).
These are generally unpopular with candidates, who are usually receiving the worst of both worlds. FTCs do not offer long-term job security, nor do they pay the premium that typically comes with the additional risk of contracting. As a result, many interim workers are transitioning into lower-paying permanent roles as organisations become reluctant to meet day rates. We expect this trend to continue while investment in development and change projects remains suppressed.
CISO burnout
Our consultants are reporting that the mental health of cyber security professionals is at an all-time low, as they battle with under-resourced teams, elevated expectations and an increasingly complex threat landscape.
CISOs are particularly under pressure, given that the responsibility for security failures typically falls on their shoulders. Recent research shows that 80% of CISOs classify themselves as ‘highly stressed’, with 30% saying this has compromised their ability to do their job. A separate study found that 61% of CISOs are concerned about personal liability for cyberattacks and breaches at their organisation.
Some businesses are outsourcing their SOC activities at the weekend to relieve stress on their in-house teams. Sadly, however, many other CISOs aren’t getting the support they need from their boards, with 49% claiming there is a lack of buy-in from C-level executives regarding information security.
Top CISO challenges
1. Budgets don’t match expectations (55% of CISOs)
2. Change management (37%)
3. Relentless regulations (33%)
4. Supply chain security (25%)
Source: BSS ‘How CISOs can succeed in a challenging landscape’
Salary trends in Cyber Security & Data Privacy
After unprecedented growth in 2021 and 2022, salary increases began to plateau last year. As we come to the end of 2024, we are now seeing signs of salary depression, with candidates often willing to accept lower base rates than their current position if they are keen to change roles.
Contractors switching to permanent jobs for greater security are especially likely to take a hit on their earnings. However, the overall impact on earnings across the cyber security profession has been muted, with most practitioners in employment achieving inflation-linked pay rises.
Security Leadership
Area | London | Regional | Contract day rate |
---|---|---|---|
CISO (Global / EMEA) | £180k + | £170k + | £900 – £1,200 |
Cyber Security Director | £130k – £200k | £120k – £180k | £800 – £900 |
Head of IT Risk | £130k – £220k | £120k – £180k | £800 – £1,000 |
Head of GRC | £120k – £150k | £90k – £130k | £750 – £850 |
Head of Information Security (dept above 10+) | £150k+ | £130k+ | £800 – £900 |
Head of Information Security (dept under 10+) | £100k – £160k | £80k – £140k | £700 – £800 |
Head of Security Architecture | £130k – £200k | £110k – £170k | £900+ |
Head of Security Operations | £80k – £120k | £70k – £110k | £900+ |
Head of Incident Response | £90k – £140k | £80k – £120k | £900+ |
Governance, Risk & Compliance
Area | London | Regional | Contract day rate |
---|---|---|---|
Business Information Security Officer | £90k – £130k | £85k – £110k | £600 – £800 |
Information Security Manager (team above 5+) | £95k – £120k | £80k – £110k | £600 – £800 |
Information Security Manager (team under 5+) | £80k – £95k | £70k – £85k | £600 – £800 |
Information Security Officer | £80k – £120k | £70k – £110k | £600 – £800 |
IT Risk Manager | £85k – £120k | £75k – £110k | £600 – £800 |
Third Party Risk Lead | £75k – £100k | £65k – £90k | £550 – £750 |
Senior Information Security Analyst | £70k – £85k | £45k – £65k | £500 – £600 |
Information Security Analyst | £55k – £65k | £50k – £60k | £400 – £550 |
Security Architecture & Engineering
Area | London | Regional | Contract day rate |
---|---|---|---|
Enterprise Security Architect | £100k – £140k | £90k – £120k | £700 – £900 |
Application Security Architect | £100k – £130k | £90k – £120k | £700 – £900 |
Security Solutions Architect | £100k – £130k | £90k – £120k | £700 – £900 |
Application Security Officer | £85k – £110k | £75k – £100k | £600 – £750 |
DevSecOps Engineer | £85k – £100k | £75k – £100k | £600 – £850 |
Information Security Engineer | £70k – £90k | £55k – £85k | £550 – £800 |
Cloud Security Architect | £100k – £130k | £80k – £100k | £650 – £850 |
Cloud Security Engineer | £80k – £110k | £80k – £110k | £700 – £850 |
Security Operations & Incident Response
Area | London | Regional | Contract day rate |
---|---|---|---|
Deputy Head of Security Operations | £80k – £100k | £70k – £90k | £700 – £900 |
Cyber Defence Analyst | £50k – £65k | £40k – £55k | £450 – £650 |
Cyber Threat Intelligence Analyst | £50k – £85k | £45k – £75k | £550 – £650 |
Incident Response Analyst | £60k – £80k | £50k – £75k | £550 – £650 |
Incident Response Manager | £80k – £110k | £75k – £95k | £600 – £800 |
Security Operations Analyst | £45k – £60k | £35k – £50k | £500 – £600 |
Security Operations Manager | £60k – £85k | £50k – £75k | £600 – £800 |
SOC Analyst | £45k – £60k | £30k – £45k | £500 – £650 |
Security Operations & Incident Response (Overflow)
Area | London | Regional | Contract day rate |
---|---|---|---|
Senior SOC Analyst | £60k – £80k | £60k – £80k | £550 – £650 |
SOC Manager | £80k – £100k | £75k – £95k | £700 – £800 |
Cyber Security Director | £135k – £200k | £120k – £190k | £700 – £800 |
Head of Security Operations | £90k – £130k | £90k – £125k | £800 – £900+ |
Head of IR | £95k – £140k | £95k – £140k | £700 – £800 |
SOC Engineer | £75k – £120k | £75k – £100k | £550 – £650 |
Head of SOC Engineering | £100k – £140k | £100k – £140k | £750 – £850 |
Business Continuity & Operational Resilience
Area | London | Regional | Contract day rate |
---|---|---|---|
Head of BC | £100k – £150k | £100k – £125k | £700 – £800 |
Head of Operational Resilience | £100k – £150k | £100k – £130k | £700 – £800 |
BC Analyst | £35k – £60k | £30k – £55k | £450 – £550 |
BC Specialist | £70k – £90k | £70k – £90k | £550 – £650 |
BC Manager | £60k – £85k | £60k – £80k | £600 – £700 |
Operational Resilience Analyst | £50k – £60k | £50k – £60k | £450 – £550 |
Operational Resilience Manager | £70k – £95k | £70k – £90k | £600 – £700 |
Operational Resilience Specialist | £70k – £90k | £70k – £90k | £550 – £650 |
Identity & Access Management
Area | London | Regional | Contract day rate |
---|---|---|---|
Head of IAM | £120k – £140k+ | £110k – £130k+ | £600 – £850 |
IAM Manager | £90k – £120k | £85k – £110k | £500 – £700 |
CIAM/PAM Lead | £95k – £120k | £85k – £110k | £500 – £700 |
IAM Product Owner | £95k – £120k | £85k – £110k | £500 – £700 |
IAM Architect | £90k – £120k+ | £80k – £110k+ | £500 – £700 |
IAM Engineer | £75k – £95k | £70k – £90k | £400 – £600 |
IAM Analyst | £60k – £85k | £55k – £80k | £350 – £500 |
Penetration Testing
Area | London | Regional | Contract day rate |
---|---|---|---|
Entry Level Penetration Tester | £25k – £40k | £20k – £30k | £300 – £400 |
Mid Level Penetration Tester (approx 4-5 yrs exp) | £50k – £80k | £45k – £70k | £500 – £650 |
Manager Level Penetration Tester | £80k – £120k | £75k – £110k | £650+ |
Head of Penetration Testing | £125k+ | £115k+ | £800+ |
Security Transformation
Area | London | Regional | Contract day rate |
---|---|---|---|
Information Security Programme Manager | £80k+ | £75k+ | £800 – £900+ |
Information Security Project Manager | £60k – £75k | £55k – £70k | £600 – £800+ |
Information Security PMO Manager | £50k – £60k | £45k – £55k | £500 – £600 |
Information Security Business Analyst | £55k – £65k | £50k – £60k | £550 – £750 |
Information Security Service Delivery Manager | £70k – £80k | £65k – £75k | £550 – £650 |
Data Protection & Privacy
Area | London | Regional | Contract day rate |
---|---|---|---|
Head of Data Protection | £80k – £100k | £80k – £100k | £550 – £650 |
Data Governance Manager | £80k – £100k | £70k – £90k | £575 – £675 |
Data Protection Analyst | £40k – £50k | £30k – £45k | £300 – £400 |
Data Privacy Lawyer | £90k – £150k | £75k – £100k | £600 – £750 |
Data Privacy Advisor | £60k – £75k+ | £50k – £70k | £450 – £550 |
Data Protection Officer | £100k – £150k | £90k – £140k | £600 – £800 |
Privacy Manager | £65k – £85k | £50k – £70k | £400 – £550 |
Global Privacy Counsel | £120k – £200k | £110k – £140k | £900 – £1k |
Attract and retain the cyber security and data privacy professionals you need with Barclay Simpson.
If you are interested in a new cyber security or data privacy position or recruitment services, get in touch today.