Despite entering “the year of regulation” demand for IT security staff is slowing and regulation could reduce the supply of cyber contractors

Demand for new IT Security skills has dropped by 5% in the past year (from Q4 2016 to Q4 2017), according to the latest Tech Cities Job Watch reportfrom Experis, the global leader in professional IT resourcing. The report showed that despite a 24% year-on-year (Q4 2016 – Q4 2017) increase in the demand for contractors, this was outweighed by a 10% decrease in demand for the larger market of permanent IT security staff, during the same period.

The quarterly report tracks IT jobs and salaries advertised within five technology disciplines (Big Data, Cloud, IT Security, Mobile, and Web Development), and across 10 UK cities. Permanent IT Security salaries rose by 4% this year, indicating that despite the demand drop, businesses are still willing to pay a premium for more specialist security professionals. However, the average salary for a cyber security role (£60,004) remains much lower than the likes of a Big Data specialist (£70,945).

Martin Ewings, Director of Specialist Markets, Experis UK & Ireland, commented, “These figures paint a complex picture of the cyber security landscape. While hacks are on the rise, the slowing demand for permanent IT security staff indicates that businesses are focusing on upskilling current employees to ensure that they have the skills needed. The Internet of Things (IoT) has transformed the way that companies across every industry work; and cyber security is now everyone’s responsibility – not just the IT department’s. From Web Development to Big Data and Mobile, businesses are conscious that IT Security needs to be factored into all digital projects from the start and employers are upskilling their existing workforce in response. However, in what is being dubbed ‘the year of regulation’ and following several years dominated by major hacks and security breaches, businesses need to ensure that they are not resting on their laurels when it comes to keeping pace with the ever more sophisticated cyber threats they will face.”

Despite seeing a 24% increase in demand for IT security contractors, there was a 13% decrease IT in day rates reported year-on-year (Q4 2016 – Q4 2017).

Ewings continues, “This trend is the result of a combination of different factors in the public and private sectors. On the one hand, businesses are plugging their short-term skills gap with more contractors but allocating them to lower value, higher volume security tasks; freeing up the permanent staff to focus on their more complex work load. But developments in the public sector are having an even bigger and long-lasting impact on the short-term market. Budget cuts and the introduction of IR35 have artificially forced down the market value of IT Security contractor day rates.”

“The complex architecture and high-profile nature of public sector work will always ensure the volume demand of IT Security contractor work, but the downward pressure on day-rates could see the supply of workers transition to permanent roles in the private sector – potentially leaving the public sector understaffed and vulnerable to attack. Many contractors are uniting in response to this, forming their own contractor businesses to work on a subscription-based model. If this trend continues, we could see these new players disrupt the traditional large enterprise outsourcers in 2018 and beyond,” Ewings concluded.