Despite a global shortage of cybersecurity expertise that is often described as nothing less than chronic, a global salary survey of 1,324 cybersecurity professionals finds nearly half the respondents (48%) earn less than $50,000 a year. Only 36% earn more than $70,000 a year, the survey finds.
The survey, conducted by Cynet, a provider of tools for detecting breaches, also finds cybersecurity professionals with the same level of experience generally make equivalent salaries regardless of whether they have a degree in computer science or a related engineering field.
However, the report also notes that individuals who pivoted from an IT occupation to a cybersecurity position earned more than their peers who started out in cybersecurity.
Overall, cybersecurity professionals working in the banking and finance industry command the highest salaries and, with the exception of security analysts, cybersecurity professionals generally receive periodic bonuses with annual rates ranging between 1% and 10%.
The report also notes that security analysts in North America have significantly higher salaries than their counterparts in other countries, with more than 80% earning between $71,000 and $110,000.
Yiftach Keshet, director of product marketing for Cynet, said higher salaries in North America for this type of position may reflect the fact that so many of the companies being targeted by cybercriminals are based in North America.
Not surprisingly, women are underrepresented in the cybersecurity field. The highest percentage of women is in the 20-29 age group, representing 6% of overall positions. The highest percentage of women were found in security director/manager positions (10%).
Despite the high number of companies looking to hire cybersecurity professionals, Keshet said it’s only really tier-three professionals who can command a premium salary, especially if they have skills in areas such as penetration testing. Much of the fierce competition for talent is occurring among professionals with proven skills.
In the meantime, despite all the hype surrounding artificial intelligence (AI), Keshet said it’s unlikely cybersecurity professionals will be replaced by AI systems anytime soon. However, AI will make cybersecurity professionals more efficient, which may have an impact on demand for professionals with entry-level skills as more tasks become automated. The challenge, of course, is as the tasks associated with entry-level positions go away, it will become more challenging to find individuals to fill higher-level positions, as the base of talent to groom those experts might not be as large in the years ahead. Breaking into the field will become much more difficult than it is today.
Like a lot of fields, low unemployment rates don’t appear to be having as dramatic an impact on wage growth as might be expected. Not only are there a lot of organizations augmenting their cybersecurity teams by relying on contractors, but also cybersecurity is one of those fields that enables companies to look for talent all around the globe.
It’s not at all clear where cybersecurity salaries might be heading from here. As both the volume and sophistication of cybersecurity attacks continue to rise, there’s a greater appreciation for cybersecurity expertise. It’s just not clear organizations are willing to pay a premium to gain it.