Willis Towers Watson, a global advisory and broking solutions company, has published its latest Cyber Pay survey results. They show some remarkable differences between countries across Europe. For cybersecurity professionals having multiple languages is key to getting the most lucrative jobs.
The data gathered by Willis Towers Watson comes from over 1,800+ participants across the entire high tech industry. It is not known how many of the respondents are solely engaged in cybersecurity.
Tim Rees, UK Cyber Strategy Leader for Willis Towers Watson’s Risk Solutions business, said: “The results show that businesses are recognising the value of cyber security professionals and galvanising an increasingly competitive European job market. While Germany currently leads European pay, the increasing frequency of cyber-attacks and incoming regulations such as GDPR will boost demand for cyber security professionals and drive salaries across the region.
“Cyber-attacks are not a matter of ‘if’, but ‘when.’ In addition to managing cyber risk through technology and risk transfer strategies, companies will have to compete for the best talent to protect them against this growing threat. Chief Information Security Officers are a growing role and bright career prospects are attracting the best digital talent – making cyber security a dynamic, yet well-established industry.”
What do cybersecurity professionals get paid?
According to Willis Towers Watson Cyber Pay survey the European median base salaries ranking for mid-level professionals are:
- Germany: £56,485 / €64,187
- Ireland: £55,485 / €63,000
- France: £51,197 / €58,178
- Netherlands: £48,996 / €55,677
- UK: £48,020 / €54,743
- Italy: £36,960 / €42,000
- Spain: £36,082 / €41,002
(Exchange rate: 1 GBP = €1.14)
As can be seen, the differential across European countries is significant. The UK, which is often touted as one of the best places for IT profession salaries comes in a paltry fifth place after Germany. Cybersecurity professionals in Germany earn more than 17% more than their UK counterparts. The differential between Spain and Germany is over 55%.
Germany, more so than any other European country, including France, is enforcing geofencing for data. It means that high-level cybersecurity staff must be based in Germany. This has caused problems for several tech companies as they have rolled out their Security Operations Centres (SOCs) in Germany. HPE, for example, took over 8 months to get up to speed and even then they had problems staffing one particular centre.
What else did the Cyber Pay survey show?
There were a number of other interesting details from this Cyber Pay survey. For example:
- Cyber professionals with 3-6 years’ experience can expect annual salary increases of 7-8% – nearly three times the UK national average.
- Cyber security typically attracts a younger workforce – entry to mid-level cyber security professionals and cyber security managers are consistently younger than the UK national average for comparable positions.
- Cyber security professionals have fewer years’ experience in the industry than comparable roles in other industries – suggesting faster progress than the UK national average.
These numbers will concern UK companies, especially as Brexit planning kicks in. If employers want to retain skilled staff they may find there is a need to pay a premium compared to other European countries. The EU is almost certainly going to allow skilled workers in areas where there are shortages to move out of the UK. When it does so, cybersecurity is guaranteed to be one of those areas.
The UK Intelligence agencies such as GCHQ could also suffer badly. It is preparing for its first cohort of degree-level apprentices. They will do a three year apprenticeship at GCHQ ending up with a cybersecurity degree. Unlike normal degree courses, they will be paid £18,000 pa. On graduating, those with language skills will have little difficulty trebling their salary and moving to Germany or even Ireland.
What does this mean?
The first and most obvious takeaway is that UK salaries are low. As one of the richest nations in the EU we continue to underpay skilled workers. In an area such as cybersecurity where there is a paucity of workers, many will follow the money. As students graduate with cybersecurity degrees and are able to speak multiple languages the barriers to overseas employment disappear.
The second takeaway is that the UK is already struggling with a lack of skilled cybersecurity staff. If they move abroad the UK will become a less safe place to do business in. With companies moving business to the Internet and systems to the cloud, they will be unable to protect them. This opens up the risk of data breaches and significant fines under GDPR.
Another issue here is national security. Like other countries the UK faces cyber-threats to critical national infrastructure (CNI) and to government. Without enough highly skilled workers these systems cannot be defended. In addition, cyber warfare is seen as a set of key skills countries need. The UK cannot simply rely on an increasingly understaffed military to provide these skills. It needs workers from elsewhere.
For now, however, if you want to make good money sign up for a language course in German, French or Dutch.