Banner Default Seo

​Cyber Security Salary Survey 2022

Blog Img

Cyber Security Salary Survey 2022

Back to Blogs

Get Help Finding a New Talent

Get Help Finding a New Opportunity

Rutherford are specialists in cyber security recruitment, cyber risk recruitment and compliance, legal, financial crime, risk (financial and operational) and investment operations resourcing.

Our consultants work in a dedicated niche, enabling them to become trusted market experts, as well as giving them the ability to provide a comprehensive, in-depth service, advice and cyber security salaries in the UK to both clients and candidates.

We work with a selective group of clients who are aligned with our technical disciplines internally, whom also share the same values and methodologies as us. This enables us to build meaningful partnerships and create a tangible difference in our clients’ and candidates’ lives.

Current State of the Market

2022 has started off on a high note, with business confidence and recruitment booming. Despite being in a post-pandemic environment, it’s clear to see that the vast majority of clients and candidates have now adjusted to hybrid working, which in turn has created opportunity for new roles and restructuring.

According to the ONS, 45% of businesses as of May 2021 now offer remote working as a standard, and we anticipate that this number will continue to increase.

Whilst the shift to hybrid working models has triggered 95% of companies to change their cyber incident response plans (either in part, or completely); hybrid working remains the top-ranking concern for decision makers.

The normalisation of home working over the past two years has seen professionals investing heavily in a robust home office setup.

Although this has been excellent news for platforms and delivery companies, it has also given opportunity to threat actors, as organisations’ attack surfaces have extended beyond the confines of an office building, and instead into a myriad of poorly secured home networks.

Verizon highlighted that 45% of breaches featured hacking, 17% involved malware and 22% involved phishing. These ever-present vulnerabilities have forced organisations to rethink their cybersecurity strategy and become as risk averse as possible. This was supported in a report by Accenture, who stated that 68% of business leaders feel their cyber security risks are increasing.

The Future of Work

We are certain that the future of work will largely consist of hybrid working models, as for many organisations this is becoming a longer-term transformation.

For candidates, remote working has become a necessity, and in some cases a dealbreaker. For managers who are keen to bring their team back into the office, take time to listen to your employees and find what works for you rather than following market trends.

Trust and autonomy has also become incredibly important to candidates, and the future of work within cybersecurity will require organisations to allow for flexibility and encourage independent decision-making. A one-size-fits-all approach simply won’t work, especially when building out a cyber security team, so relying on feedback and open conversation will help organisations to navigate what will work for them.


From a hiring perspective, our message to all current and prospective clients is to allow room for flexibility. Listen to whom you already have in your organisation before reinventing your working practices to accommodate new talent.

Retention is just as important as talent attraction. Additionally, focus on creating a culture of trust and ensure that progression paths are clear. This will create a better talent acquisition and retention strategy, enabling you to differentiate yourself from your competitors.

A strong company culture, and an inclusive approach to training and development are also top priorities for new talent on the market.


The current market is an exciting place for candidates, as there are a number of engaging opportunities available which may not have been accessible previously.

A message we are driving home to all candidates we are partnered with is to ensure that clear boundaries are set during the onboarding process, especially if the role is remote. Push for clear lines of communication remotely, as well as ensuring that connectivity and culture is still prioritised even in a remote-first role.

Overcoming the Skills Shortage

Cyber Security firms such as Rutherford have spent a lot of time educating our current client partners on the skills shortage that we witnessed in 2021, which we anticipate will continue in 2022. Our advice is as follows:

Does what you want exist?: Instead of seeking the perfect candidate, focus on hiring for potential to widen your candidate pools.

Be different: Diversifying your team is proven to improve the quality of candidates coming into your organisation. Think outside traditional sourcing methods and leverage AI and technology to aid you.

Look in-house: Succession planning should be a priority in 2022. Develop the people you already have in-house before conducting an external search, some internal talent may already have the cyber security career basics.

Experience over academia: Although degrees and certifications are crucial for some roles, experience (particularly during Covid-19) is invaluable and shouldn’t be disregarded for academic accolades.


The workplace has evolved rapidly, with digitisation sitting at the forefront. To stay ahead of the curve, retain talent, and attract candidates, ensure that you are prioritising remote working, conducting regular salary reviews, and ensuring that feedback is a core part of your growth strategy. Organisations that fail to do this will struggle to attract high-value candidates as well as retain employees.

It’s clear that the Cybersecurity space is booming, and the demand for professionals is high. Data produced by Gartner highlights that the worldwide Infosec market is forecasted to reach $170.4bn by the end of 2022, which signals the start of an exciting year for clients and candidates alike.

For further information, please reach out to our Cyber Recruitment firm today.

Cyber Security Salary - 2022

basic salary (£)

Chief Information Security Officer


Head of IT Risk

£120,000 - £180,000

Head of GRC

£100,000 - £150,000

Head of Information Security

£100,000 - £160,000

Head of Security Architecture

£130,000 - £200,000

Head of Security Operations

£85,000 - £130,000

Head of Incident Response

£90,000 - £140,000

basic salary (£)

Business Information Security Officer

£80,000 - £125,000

Information Security Manager

£75,000 - £110,000

Information Security Officer

£70,000 - £90,000

Security Awareness Manager

£60,000 - £95,000

IT Risk Manager

£85,000 - £120,000

Third Party Risk Lead

£75,000 - £100,000

Information Security Analyst

£45,000 - £60,000

basic salary (£)

Application Security Architect

£80,000 - £125,000

Application Security Engineer

£85,000 - £110,000

DevSecOps Engineer

£85,000 - £110,000

Information Security Engineer

£70,000 - £120,000

Security Engineering Manager

£90,000 - £130,000

Security Administrator

£40,000 - £60,000

Cloud Security Architect

£80,000 - £120,000

Enterprise Security Architect

£85,000 - £125,000

basic salary (£)

Cyber Security Analyst

£40,000 - £85,000

Digital Forensics

£50,000 - £75,000

Threat and Vulnerabiity Manager

£75,000 - £105,000

Security Operations Analyst

£55,000 - £85,000

SOC / Security Operations Manager

£85,000 - £110,000

Incident Response Analyst

£65,000 - £90,000

basic salary (£)

Application Penetration Tester

£60,000 - £110,000

Infrastructure Penetration Tester

£40,000 - £90,000

CHECK Team Member

£50,000 - £90,000

CHECK Team Leader

£85,000 - £120,000

Rutherford's Cyber Security Salary Surveys

For the PDF version of Rutherford's 2022 Cyber Security Salary Survey

View Rutherford's 2023 Cyber Security Salary Guide


Michael Aspinall is a cyber security headhunter at Rutherford, the executive specialists in compliance, legal, financial crime, risk and cyber security recruitment.

Contact our cyber security headhunters for a confidential conversation surrounding cyber security, cyber risk recuitment or current cybersecurity salary trends, send us an email at or see our latest vacancies.