Latest News

Pay for Cyber Security Professionals falls in Scotland, increases in England

High-flying cyber security specialists in Scotland have seen their salaries fall over the last year while pay across England and Ireland has risen, according to recruiter Randstad.

In 2020, the best cyber security specialists in Scotland were earning £72,700 a year.  Now, average salaries for the top quartile of cyber security specialists have dropped to £70,200 – a fall of almost 3½ per cent.  

Meanwhile, south of the border, pay for A-players in England working in the well remunerated sectors like financial services have seen average salaries rise from £70,800 per year to £71,300, a ½ per cent increase.  

Adrian Smith, senior director of operations at Randstad said, “Edinburgh and Glasgow certainly have an appetite to become world-leading centres for tech.  But the salary figures don’t lie.  They reflect changes in supply and demand.  The job creation that powers that salary growth for the top quartile of high cyber-security specialists is just not there.  Given retail price inflation is currently running at close to four per cent, a fall of 3 ½ per cent looks even worse in real terms.


Across England, A-players in the East Midlands have seen pay rise – particularly in Derby, Leicester, Lincoln, Mansfield, Northampton and Nottingham – by over eight per cent, with average salaries up from £60,800 to £66,100 a year.

Adrian Smith said: “It would be easy to put salary falls in Glasgow and Edinburgh down to Scotland losing business to the EU post-Brexit.  But cyber-security is a booming sector in England and if this was all the fault of Brexit, we wouldn’t be seeing salaries rising in the North West of England, in Yorkshire & the Humber, the East Midlands, or in London.  The truth is, the best cyber-security jobs are being created south of the border and that’s unbalancing supply and demand, driving up pay.  By way of examples, last year, it was possible to recruit a less experienced cyber-security specialist for close to £47,000 in Nottingham.  That was great value for a role that is in such high demand – dynamic, agile companies have taken full advantage of what was a 20 per discount on hiring the same person in London.  But the same sort of candidate in the same city, would be demanding £52,600 now.


The recruiter says that the scale of medium sized businesses pivoting away from bricks and mortar towards online has spurred cyber-security hiring. 

In March, Lindy Cameron, the chief executive of the UK’s cyber-security agency, the National Cyber Security Centre (NCSC), said cyber-security was “simply not embedded into the UK’s boardroom thinking”.  But pay increases suggests cyber security is now being taken as seriously.

Adrian Smith said: “There’s a greater need for cyber security people as more businesses put more of their operational emphasis on the virtual world.  Bosses might have been trying to put hiring freezes in place over the last year but cyber-security is not an area that CEOs can afford to ignore.   Salary rises in England reflect that companies appreciate they can’t ignore cyber-security.  Worryingly, that does not appear to be the case north of the border.  The pay anomaly suggests Scottish employers might be being somewhat complacent.  If that is indeed the case, I’d submit that this is not a corner organisations in Scotland should consider cutting.  The threat is real, north of the border – Scotland’s environmental watchdog learnt that the hard way earlier this year when it admitted it could take it years to recover from a cyber attack.”


The median salary of a cyber security specialist working in London has risen from £59,300 to £66,800 over the last 12 months, a marginal increase.  But particularly experienced candidates, working well-remunerated specialisms such as financial services, have seen average packages rise from £79,500 to £81,000.  

Adrian Smith said: “Employees working from home during the lockdowns made the job of keeping organisations’ IT infrastructure intact much harder for CIOs.  More than 50 per cent of decision makers in the IT community think remote workers will expose their organisation to the risk of a data breach.  Remote working on a vast scale has been a major headache for CIOs and the associated IT security demands have driven recruitment, especially in London.”