Employers recognise the need for cyber skills – and they’re willing to pay big

IT industry salary review finds board-conversant, red team-loving executives are in high demand

The employment market is hungry for “future focused” executives with the ability to manage cybersecurity risk at the board level, according to a recent jobs market update that also found employers put a premium on executives who understand the need to continually test systems through regular red-teaming and penetration testing.

“Across all industries, C-suite executives who are future focused and see technology-driven change as an opportunity to disrupt a business both nationally and globally are sought,” the FY19/20 Hays Salary Guide notes.

“So too are executives who can manage cyber security risk by making cyber preparedness a board priority and stress testing the resilience of their systems and people to withstand an attack.”

IT jobs remained among the best-remunerated positions in Australia, with skill shortages in areas such as cybersecurity, data and software development driving double-digit annual growth for cybersecurity consultants and many other roles.

Security architects were commanding salaries of up to $210,000 in Sydney, $190,000 in Melbourne, and $150,000 in Brisbane while security analysts were fetching up to $145,000, $150,000, and $100,000 in those cities, respectively.

Security consultants were making more in Melbourne – with an average salary of $160,000 and a range of up to $180,000 – than in Sydney ($125,000 average), Brisbane ($130,000) or any capital city except for Canberra – where security consultants and architects were commanding salaries of up to $200,000.

“As security threats become more prevalent and sophisticated, cyber security remains a top priority for most organisations,” Hays Information Technology managing director Adam Shapley said in a statement. “There has been a significant increase in the need for cyber security consultants, resulting in an upwards movement in remuneration.”

Traditional IT roles also showed strong growth in salaries, with jobs such as end user support recording an uptick and higher salaries for professionals who can deliver better customer service through the combination of technical capabilities and communication skills.

Fully 53 percent of surveyed organisations said they were intending to add permanent staff to their IT departments this year. And 91 percent of respondents said they would increase salaries in their last review – although the value of these increases would be down compared to last year, with more than half intending to raise salaries by 3% or less. This was up from 38 percent last year.

Interestingly, despite the salary premiums they attract, security skills were named as the least likely of nine types of skills to have a high impact on the organisation’s effectiveness: 52 percent of respondents said technical skills would have such an impact, but just 10 percent said the same about security skills.

Regardless of the magnitude of their contribution, organisations’ struggle to get the skills they need is having an impact: 70 percent of respondents said skills shortages would impact their operations either to a significant (28 percent) or minor (42 percent) degree. This was up from 67 percent of respondents in last year’s survey – suggesting a growing urgency to add appropriate and necessary cybersecurity skills.

New Zealand companies, Hays IT’s analysis noted, have particularly struggled due to the especially small size of the cybersecurity skills pool – driving many to look to develop cyber security talent internally, and to sponsor training and certifications for existing staff.

This approach may actually be beneficial for other reasons, the report’s authors noted: “While money talks, it isn’t all that matters,” they write. “The best way to invest in talent is to keep them engaged and create a retention strategy that provides value to employees.”