According to the Chartered Institute of Information Security (CIISec), cybersecurity professionals in the UK have seen their average wage increase significantly over the past few years. The latest annual report, State of the Security Profession for 2023/24, revealed that the average salary in the sector has reached £87,204, more than double the average UK wage. This rise from £62,144 in 2016 reflects a 29% increase overall, with a 7% increase in real terms when factoring in inflation.
The report, based on a survey of 311 cybersecurity professionals, also highlighted a trend of rising wages across the industry. Nearly one-fifth of professionals now earn more than £150,000, compared to just 7% in 2016. While these wage increases are positive, they have come with a cost. A significant proportion of respondents (55%) reported being kept awake at night due to job-related stress, with 39% expressing fear of suffering a heart attack. Additionally, over one-fifth (21%) of security professionals feel overworked.
One of the contributing factors to these stress levels is the skills shortage within the industry. The report found that respondents identified “people” as the greatest operational challenge (72%), followed by process (17%) and technology (11%). Moreover, a lack of diversity compounds these issues, with only 19% of professionals entering the industry without a degree and women making up just 10% of the workforce. This lack of diversity also impacts career progression, as only 41% of workers believe they will be in the same role in two years’ time.
CIISec CEO, Amanda Finch, emphasized the importance of addressing these challenges to attract and retain talent in the cybersecurity industry. Finch highlighted the need for better recruitment practices focused on skill rather than experience or qualifications. She also stressed the importance of addressing issues such as stress and career progression to improve retention rates. With a widening skills gap and increasingly advanced threats driven by AI, attracting talent to the industry is crucial for global cybersecurity efforts.
In addition to skills shortages and diversity issues, cybersecurity professionals are also divided on their perception of AI. While 89% believe AI will benefit adversaries, 71% think it will have a positive impact on network defenders. Despite this, a concerning 44% of professionals feel that their organizations are unaware of the risks associated with AI and lack policies to ensure its safe use.
Finch emphasized the need for the security industry to build knowledge of AI threats, particularly as the technology continues to evolve. Educating newcomers to the industry and those seeking careers in cybersecurity will be essential in defending against AI attacks in the future. This education will not only inform security practices but also help cybersecurity professionals educate businesses about the risks and safety associated with AI technology.
Serbian 
English 
Albanian 
Croatian 