The UK’s national security is at risk due to a growing pay gap between public and private sector cyber roles, making it harder for the government to attract and retain top talent.
A recent study by Naoris Protocol found that salaries for key cyber security positions in the private sector can be nearly double those offered in government.
“The risks to UK national security from cyber crime are real, and the potential costs and damage to critical national infrastructure are staggering”, said chief executive David Carvalho.
Mid-level roles, such as cyber security analysts in London, typically pay between £50,000 and £70,000 annually. Meanwhile, senior positions including security managers and cyber security architects range from £80,000 to over £120,000.
A recent Ministry of Defence listing for a cyber security adviser offered just £36,530 per year, while a senior role in cyber governance and risk started at £67,820.
Naoris Protocol warned that unless public sector pay becomes more competitive, the government will struggle to combat emerging AI cyber threats.
A recent report by Spotlight on Corruption also found that the National Crime Agency (NCA) is struggling to fill cyber crime unit positions, with low pay and poor morale leading to staff shortages.
“The loss of skilled cyber professionals to the private sector is leaving critical roles unfilled, weakening national defences against cyber attacks”, the report stated.
Yet Toby Lewis, global head of threat analysis at Darktrace, said: “For junior cyber security talent, there are few better places to be than the public sector, where departments and agencies are well known for their ability to invest in training and development.”
He did acknowledge, however, that “barriers in mid to late-career do create a serious risk that the public sector becomes a training school for the private [sector].”
The National Audit Office has also raised concerns, warning that independent assessments of 58 government IT systems reveal “significant gaps” in cyber resilience.
Gareth Davies, head of NAO, said: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet the government’s work to address this has been slow.”
Carvalho added: “The UK government needs to address the pay gap in order to safeguard the country’s digital infrastructure, and competitive pay is essential to attract and retain the skilled people needed to combat evolving cyber threats.”
NAO also found that one in three cyber security roles within the government were either vacant or filled by temporary staff in 2023-2024.
This means that “joining a public sector organisation almost always means a pay cut, often for higher levels of responsibility, in significantly more impactful environments, but often with less authority and resources to deliver”, said Lewis.
This news comes as cyber security concerns rise across various sectors, amid the implementation of the Digital Operations Resilience Act (DORA) earlier this month.