Published: 16 Oct 2024
Welcome to Barclay Simpson’s 2024 Recruitment Market Update, which provides an overview of current recruitment trends and insights across the cyber security & data privacy sectors.
Market Overview
The cyber security and data privacy recruitment market continues to be subdued, with an uncertain economic and political environment dampening hiring intentions across many of the disciplines that we cover.
Nevertheless, there is currently significant pent – up demand among both employers and candidates, which we expect to materialise later this year once the business climate stabilises and confidence returns.
Indeed, a brief uptick in recruitment activity occurred in the first quarter of 2024, and this was expected to continue into the second quarter when the ONS revealed in May that the UK had quickly bounced back from recession at the end of last year.
Any hopes of a sustained revival were sadly dashed once the General Election was called, with many organisations understandably reluctant to hire until the dust had settled and the political landscape became clearer.
The dissolution of Parliament due to the election also halted the progress of any proposed legislation that was on the parliamentary agenda, including the Data Protection and Data Information (DPDI) Bill.
This means the Bill must now either be re – presented by the Labour government, or a new piece of legislation will need to be drawn up. While unlikely, the Bill could also be abandoned. Any hiring plans based around the introduction of DPDI have therefore been shelved until a later date.
Overall, however, hiring is poised to rebound strongly in the coming months. With inflation easing, recent interest rate cuts, and the possibility of less political upheaval after the election, there are several reasons to be optimistic.
We are also seeing an abundance of skilled talent eager to make a change, and many employers are champing at the bit to fill much – needed skills gaps in their cyber security and data privacy teams once budgetary restraints are loosened.
Supply of Cyber Security Jobs
Key Themes in Cyber Security Recruitment
High demand for operational resilience
The Digital Operational Resilience Act (DORA) will come into effect on 16 January 2025.
Many organisations still do not have the right skills and expertise in place to navigate this new legislation, so hiring demand within the space has far outpaced any other area of cyber security and data privacy recruitment this year.
Employers are finding it challenging to fill these vacancies. As all companies face the same deadline, there is widespread demand for candidates with experience of DORA, but as it is a new regulation, this skill set is hard to find. Clients have to fight over the few candidates with experience, and the problem is exacerbated by candidates working on DORA projects being reluctant to change jobs in the middle of a project. Companies are having to look at operational resilience candidates instead and decide if they have enough time to train them on DORA before the deadline.
FTCs on the rise
While the interim market often does well during periods when the permanent market stutters, this is not the case at the moment. Demand for contractors has substantially decreased, and we are instead seeing an increase in fixed–term contracts (FTCs).
These are generally unpopular with candidates, who are usually receiving the worst of both worlds. FTCs do not offer long–term job security, nor do they pay the premium that typically comes with the additional risk of contracting.
As a result, many interim workers are transitioning into lower–paying permanent roles as organisations become reluctant to meet day rates. We expect this trend to continue while investment in development and change projects remains suppressed.
CISO burnout
Our consultants are reporting that the mental health of cyber security professionals is at an all–time low, as they battle with under–resourced teams, elevated expectations and an increasingly complex threat landscape.
CISOs are particularly under pressure, given that the responsibility for security failures typically falls on their shoulders. Recent research shows that 80% of CISOs classify themselves as ‘highly stressed’, with 30% saying this has compromised their ability to do their job. A separate study found that 61% of CISOs are concerned about personal liability for cyber-attacks and breaches at their organisation.
Some businesses are outsourcing their SOC activities at the weekend to relieve stress on their in–house teams. Sadly, however, many other CISOs aren’t getting the support they need from their boards, with 49% claiming there is a lack of buy–in from C–level executives regarding information security.
Salary Trends
After unprecedented growth in 2021 and 2022, salary increases began to plateau last year. As we head deeper into 2024, we are now seeing signs of salary depression, with candidates often willing to accept lower base rates than their current position if they are keen to change roles.
Contractors switching to permanent jobs for greater security are especially likely to take a hit on their earnings. However, the overall impact on earnings across the cyber security profession has been muted, with most practitioners in employment achieving inflation linked pay rises.
This report was published by Barclay Simpson. View the PDF version of the report here.