BSA 2024 Cyber Security Salary Guide
Key factors affecting cyber recruitment in 2024
Over the next 12 months, we expect various political,
economic and social factors to have an impact on
cyber security and data privacy hiring trends.
New regulations
Regulatory change is often a key driver of demand
within cyber security and data privacy, and we
anticipate that several recently implemented and
upcoming regulations will affect hiring within these
markets.
For example, financial entities have less than one
year left to comply with the Digital Operational
Resilience Act (DORA), which will come into force
from 17 January, 2025. As a result, we are already
seeing increased demand for candidates with
strong operational resilience and business continuity
experience.
This demand is mostly for permanent candidates
currently, but as the DORA deadline looms, we expect
more organisations to turn to the contract market to
acquire the skillsets they need.
However, organisations that delay their hiring too
long may struggle to recruit talented senior professionals, many of whom will already be halfway
through DORA implementation projects and reluctant to leave their current role.
More broadly, the FCA, PRA and Bank of England
made it clear in their recent CBEST annual report
that cyber security is a key priority for the UK’s financial regulators in 2024 and beyond.
This also appears to be true for regulators stateside. The US Securities and Exchange Commission
adopted new rules last year that mean CISOs
at publicly traded companies can now be held
personally liable for their response to and disclosure
of cyber security incidents.
It is too early to predict exactly how this increased
attention from US and UK regulators will affect hiring
or salary trends in the immediate future. At the
very least, we predict US CISOs will demand higher
salaries to compensate them for taking on more
liability, which could shake up the market dramatically both domestically and abroad.
Ongoing demand for technical skills
In last year’s report, we noted that strong technical
skills are always in demand and certain roles are
becoming more technical than ever before. This
continued to be the case throughout 2023, and there
seems little evidence this will change over the next
12 months.
GRC candidates, for instance, are typically expected
to possess technical security knowledge in areas
like cloud security, with increasingly few employers
willing to consider professionals with a more traditional governance background alone.
Product security is also receiving considerable
focus at the moment. More and more companies
want to build security into their products at an earlier
stage, shifting left and ensuring they are secure
by design.
As such, some organisations have restructured
to fully embed security professionals into product
areas. There has also been increased demand
for candidates from a software engineering
background who are now working in product
security, application security or software security-focused roles.
56% of employers are struggling to source candidates with sufficient technical or regulatory knowledge
That said, it’s not just technical skills that are important; organisations are keen to find people who
also have the soft skills to effectively communicate
complex cyber security and data privacy risks to the
wider business.
Companies must strike a delicate balance
between investing in the security of their systems
and mitigating the potential losses associated
with a breach or failure. Cyber professionals must
therefore not only have the technical expertise
to build and maintain robust protections, but also
the commercial understanding to respond to risk
in a proportionate manner.