Best opportunities for cyber security professionals in Europe?

Business leaders across the globe are increasingly worried about the impact cyber threats could have on their organisations. PwC’s latest CEO Survey showed 40 per cent of chief executives are ‘extremely concerned’ about cyber security issues – up from 24 per cent last year.


Preventing malicious attacks remains difficult, particularly given the ongoing shortage of available security professionals worldwide. Research from (ISC)2 predicts a skills gap of 350,000 qualified cyber security workers across Europe by 2022. Yet, 38 per cent of hiring managers wanted to boost their headcounts by at least 15 per cent last year.


Our inaugural European Governance Recruitment Market Report revealed the key drivers of demand for cyber professionals are the GDPR, evolving data and security threats, and the need to update legacy technologies. Interpersonal skills are especially sought-after, with 42 per cent of respondents citing this as their greatest challenge when recruiting.


These skills shortages mean cyber security is currently a candidate-driven market, giving talented professionals multiple career development opportunities. But where are the most lucrative job offers in Europe?

Choosing a cyber security job in Europe

Our 2017 Compensation and Market Trends report for the security and resilience profession showed 43 per cent of professionals are willing to relocate within the EU.


Nevertheless, identifying the ‘best’ opportunities is always going to be a subjective exercise, as everyone’s priorities are different. We’ve therefore divided this article into three distinct categories that candidates may wish to consider:

  1. Remuneration;
  2. Level of vulnerability; and
  3. Current cyber security world ranking.

Cyber professionals should weigh up these competing factors when searching for a new role in Europe.

1. Remuneration 

More money and better benefits are popular reasons to look for a new job. Our figures show over one-third (34 per cent) of cyber professionals cited remuneration as the most likely cause of their job search.


While the UK is among the most developed cyber security markets in the world, we barely scrape the top five in terms of median base salaries, Willis Tower Watson research shows.

Image credit: HYWARDS via iStock.


Those looking to boost their annual income may instead be interested in Germany, where cyber professionals earn 18 per cent more than their UK counterparts. Here are the top seven countries in Europe for mid-level cyber security wages:


1. Germany: £56,485 / €64,187;

2. Ireland: £55,485 / €63,000;

3. France: £51,197 / €58,178;

4. Netherlands: £48,996 / €55,677;

5. UK: £48,020 / €54,743;

6. Italy: £36,960 / €42,000; and

7. Spain: £36,082 / €41,002.


The survey also found cyber security is attracting an increasingly young workforce. Entry to mid-level professionals and managers are consistently younger than employees of comparable seniority in other industries.

2. Level of vulnerability 

Germany, Ireland and France may offer the best salaries, but which countries are the most vulnerable to attack? A nation’s susceptibility may not seem directly linked to its job opportunities, but the European Council is moving towards a common approach to EU cyber security.


An EU-wide certification framework for ICT products, services and processes is already on the horizon. The European Union Agency for Network and Information Security will also soon have a permanent mandate to clarify its role as the central EU agency for cyber security.


The upshot of these changes is that many EU countries will be expected to improve their cyber security defences to meet new minimum requirements and should receive more support to achieve these targets. But which countries are currently most vulnerable?

Image credit: ake1150sb via iStock


Analysis from Website Builder Expert recently ranked the biggest cybercrime victims in the EU. The top five were:


1. Romania;

2. The Netherlands;

3. Portugal;

4. Poland; and

5. Italy.


The figures were based on the percentage of the population who had experienced an attack, the average annual malware rate and other factors. A separate list was compiled for countries with the weakest overall defences, the top three being Malta, Greece and Romania.


3. Current world ranking


Many European countries boast sophisticated cyber security markets that will appeal to jobseekers hoping to take the next step in their career.


Our research shows career development is the most important factor for candidates hoping to land a new security and resilience job, and where better to search than Europe’s cyber security hubs?


There are a number of global rankings for cyber security preparedness, but the United Nations Global Cyber Security Index offers a deep dive into each country’s strengths and weaknesses. Nations are judged on their legal structures, technical capabilities, organisational powers, capacity building and co-operation.

Here are the top three European countries:


Estonia is not only the strongest on the continent for cyber security but also fifth in the world. Following a 2007 attack, the country has worked hard to optimise its defences and currently hosts the headquarters of the Nato Cooperative Cyber Defence Centre of Excellence.


France ranks second in Europe and ninth worldwide due to the widespread cyber security training available in the country, as well as dozens of esteemed universities that offer accredited cyber-specific degrees. France also scored a perfect 100 score for capacity building.


Norway edges ahead of the UK – which came fourth in Europe – with comprehensive cyber security laws and extensive research into the culture surrounding the ethics of online monitoring and data collection. Norway is part of the Nordic National Cert Collaboration, which encourages cyber security information sharing and other related activities between the Scandinavian countries.

Are employers doing enough to attract candidates?

Half of all crime in some EU member states involves cyber security breaches, according to European Commission figures. Four-fifths of companies faced at least one cyber incident within the previous 12 months in 2017. Yet, 69 per cent of organisations have zero understanding or only a basic knowledge of their exposure to this type of risk.


So what are businesses doing to protect themselves? A recent report from Frost & Sullivan and other industry organisations unveiled various trends in the European cyber security recruitment market:

  • 92 per cent of hiring managers say past experience is important;
  • One in five professionals moved into cyber security from another profession;
  • 24 per cent of candidates have non-CIS degrees;
  • Only one per cent of cyber security professionals are unemployed; and
  • Nearly half (48 per cent) of hiring managers rely mainly on social and professional networks to source candidates.

The research appears to show that while experience remains a key factor in recruitment decisions, employers are becoming more flexible in other areas.


As the availability of candidates drops, organisations are willing to consider applicants moving from a range of sectors, including marketing, legal, engineering, and military and defence.

Image credit: peshkov via iStock.


However, employers may be hampering their ability to source talent by failing to look beyond their own networks or internal HR departments. Only 17 per cent of businesses retained a specialist search firm to help them fill cyber security skills gaps.


Whether you’re a candidate hoping to take your career forward in Europe, or an employer struggling to source the skills you need to build sophisticated cyber defences, Barclay Simpson can provide support. Contact us today on 020 7936 2601, or email me directly at to find out how we can help.


Our 2018 European Market Report combines a review of the prevailing conditions in the European corporate governance recruitment market with key insights from Barclay Simpson’s expert consultants.


Main image credit: mixmagic via iStock