The impact of regulations on hiring demand and salaries for IT Security roles

Cyber threats: things you need to know
Countess organisations have fallen victim to hacks and security breaches in recent years, leaving a trail of financial and reputational damage in their wake. Added to this, 2018 has been dubbed the ‘year of regulation’, with a number of new pieces of legislation coming into place.

As a result, not only are UK boardrooms faced with dealing with high priority regulatory demands, but they also need to get their security measures in order to ensure they fully comply. Therefore, it comes as no surprise that IT Security governance and the need for compliance are at the top of the agenda for this year and beyond.

However, surprisingly, our latest Tech Cities Job Watch report reveals some interesting trends in terms of hiring demand and salaries for both the permanent and contractor markets. It found that:

  • Demand for new permanent IT Security skills has dropped by 10%, but salaries increased by 4% year-on-year (Q4 2016-Q4 2017)
  • Despite day rates dropping by 13%, demand for IT Security contractors increased by 24% in the same period.

With IT Security becoming more important each day, the question is: what could be causing these contradictory results? There are many factors at play, but let’s take a look at two key regulations that may also be impacting these trends:

General Data Protection Regulation (GDPR): new IT Security challenges ahead

Without doubt, the GDPR has taken centre stage in many boardrooms. Throughout 2017, we saw many organisations take steps to prepare their processes for GDPR. This year, activity has ramped up even further, since the law is coming into force in just a few months’ time.

The impact of GDPR will be felt across all areas of business. With this in mind, leaders now recognise that IT Security and compliance are a requirement in both technical and non-technical roles. Two years ago, demand for permanent IT Security talent surged by 53%. Today, employers are looking to hire fewer permanent IT Security staff than before and are instead looking to upskill their existing workforce in security matters, rather than just relying on the talents of specialists.

While this is a necessary step and may help to explain the fall in demand for permanent IT Security talent, businesses shouldn’t neglect recruiting the specialists they need to keep pace with regulatory and security changes. For the few IT Security roles that are available today, salaries are offered at a premium, suggesting that these are being saved for more complex and challenging work.

IR35: has the value of contractors changed?

Last year, it was hard to miss the changes to the IR35 legislation that came into effect in the public sector. There is evidence that these developments caused significant uncertainty in the jobs market, creating an imbalance when it comes to both supply and remuneration of IT Security contractors.

In spite of IR35, there’s still high demand for contractors. Due to the architecture and high-profile nature of public sector work, there will always be a volume in demand for IT Security contractor work. However, the introduction of IR35, as well as budget cuts, have forced down the market value of IT Security contractors. This has increased competition for higher paying roles, while many contractors are being encouraged to transition into permanent roles which can demand premium salaries.

This imbalance in supply of IT Security talent is encouraging some contractors to join forces and form their own contractor businesses to work on a subscription-based model. If this trend continues, we may see these new players disrupt the traditional large enterprise outsourcers. Furthermore, this uncertainty in the contractor market may now also be considered as more risky for organisations to invest in talent. Looking further ahead, there is a possibility that the IR35 legislation will be extended into the private sector later this year. This may create further imbalance in the market.

Evidently, these trends paint a complex picture of the cyber security landscape. While hacks are on the rise, the slowing demand in permanent workers indicates that businesses no longer require as many IT Security specialists. On the other hand, developments in the public sector are having an even bigger and long-lasting impact on the short-term workers. However, it’s clear that businesses should not be resting on their laurels when it comes to keeping pace with the IT Security challenges they will face.

Download our latest Tech Cities Job Watch Q4 2017 report to find out more.

Looking for IT Security jobs? Find out more here.