Key Trends in the 2025 London Cyber Security Job Market – Part 2

Sophie Spencer, Director and Head of Cyber Security, Barclay Simpson

In part one of my detailed look at key trends in the London cyber security job market, I discussed the shift towards more specialised roles, the impact of macroeconomic uncertainties, the compliance requirements which until recently upheld the capital’s cyber security job market, and cyber security salary trends specific to London.

In part two, I discuss:

• Cyber security job skills in demand in London
• AI cyber security roles in London
• Cyber security roles in a range of business sectors
• The return to the office
• Diversity trends in London’s cyber security job market
• The London cyber security contractor market
• Insourcing vs outsourcing
• Emigration of cyber security professionals from London.

Cyber Security Job Skills in Demand in London

At the beginning of 2025, the in-demand information and cyber security roles and skills in London were definitely in the area of operational resilience, as the Digital Operational Resilience Act (DORA) loomed and businesses geared up for compliance.

Now the DORA deadline has passed, the focus has shifted to cyber defence, particularly threat intelligence and incident response roles. As hackers continue to up their game, employers are looking for effective incident responders who form the first line of response following a cyber attack.

More broadly, however, I find general talk of a cyber security skill shortage to be overblown.

There are definitely pockets of the cyber security industry where it’s hard to find experienced people. I’ve mentioned incident response as one area where I’d welcome more candidates with relevant experience.

Soft skills can also be a genuine problem, particularly in highly technical roles. This becomes particularly challenging with senior roles such as CISO. Are cyber security teams developing the softer skills that their technical people will need to progress?

On the whole though, skill shortages may simply be pay problems in disguise. If budgets were unlimited and there was no cost-of-living crisis, I’m not sure anyone would be talking about a skills shortage.

Some roles do stay unfilled for many months but, in my experience, that’s not usually because there’s nobody out there who can do the job – rather that no one is willing to do the job under the terms and conditions offered.

AI Cyber Security Roles in London

In recent weeks, we’ve started to see some AI cyber security roles in London. Prior to that, it was only a talking point.

I see five areas where AI impacts security teams:

1. AI tools to help manage cyber security – This can involve integrating machine-learning into certain points of the security process, or using AI to automate routine security operations centre (SOC) processes.
2. Securing the AI models themselves – This is the biggest area, and calls for individuals with a deep understanding of AI. Without them, how do businesses know that the AI models they’re putting into production are secure? How do they protect prompts and responses? And how can large organisations such as banks achieve scale?
3. Protecting the business against AI-enabled threat actors themselves, in the case of deep fakes, for example.
4. Enterprise-level risk management – How will a cyber risk professional take on the new dimension of risk that AI brings to cyber security?
5. AI governance – We are starting to see AI governance as a new responsibility. At present, this tends to fall under the DPO.
   Interestingly, the new roles we’re seeing span all five of these areas.

It’s clear that AI will make a major impact on cyber security. The UK Government’s plan to ‘turbocharge AI’ is just one of countless signals. However, we have yet to see significant ripples in recruitment.

The London Cyber Security Job Market – Sector by Sector

Barclay Simpson recruits for London cyber security jobs in a range of sectors – including banking, financial services, commerce and professional services.

The standout trends that I see are:

• A general slowdown of recruitment in financial services, banking, asset management and insurance
• Redundancies, particularly in startups, where funding is starting to run dry
• Professional services firms holding their own, especially if they have defence clients. With so many companies cutting their permanent headcount, when a new project arises, either contractors or professional services firms such as BSS are needed to deliver it.

The Return to Office-Working in London

In the aftermath of the pandemic, with widespread home-working, London employers found themselves fishing from a larger pool of cyber security professionals. It was something of a win-win – a cyber security engineer living in Scotland, for example, might suddenly have been able to earn a London salary without relocating. It really opened up the job market for employers, candidates and recruiters alike.

In 2025, however, we see London employers tilting back to their office-work default setting. In cost-cutting mode, many are telling their employers to turn up to the office at least three days a week. Where does that leave the Scottish cyber security engineer? Or less extreme examples – such as cyber security ‘techies’ who are simply averse to office-working?

The Department for Science, Innovation and Technology’s report on cyber security skills cites a number of reasons why employers are so keen on office-working – “collaboration, knowledge sharing, onboarding new staff, socialising, and security (especially for less experienced staff)”.

Although 74% of cyber security and data privacy professionals we surveyed for our 2025 Cyber Security Salary Survey say they would change cyber security jobs to get remote or flexible working, there’s no doubt that they’re losing their upper hand in the London job market. It remains to be seen how lasting this power reversal turns out to be.

Diversity Trends in the London Cyber Security Job Market

Improving diversity in the cyber security profession in London is a slow grind, but the trend is upward.

As we point out in our 2025 Cyber Security Salary Survey, cyber security continues to be male-dominated, with only 18% of candidates identifying as female. But underneath that figure, there’s a more promising shift – with the proportion of women doubling from 9% in 2021.

Meanwhile, the DSIT cyber security skills report offers some interesting ethnicity data:

“People from ethnic minority backgrounds make up 15% of the sector workforce, and 9% of those in senior cyber roles (i.e. requiring 6 or more years of experience).”

My own perception is that we see real ethnic diversity when recruiting into cyber security roles. In London, as well as Birmingham and Manchester, we see a great deal of ethnic background diversity, particularly in technical roles.

With gender, the trend is also role-sensitive, but in a different way. For non-technical roles such as GRC or data privacy, there are probably even more female candidates than male. But on the technical side, female presence continues to be scarce.

Diversity really matters to many of the employers we speak to though. As one of our associate consultants pointed out in our 2025 report:

“Employers regularly ask for more diverse shortlists when hiring for cyber security roles in financial services. Some larger organisations are also really proactive in developing initiatives to encourage more women into the tech industry. This is always great to see, and we hope more firms follow in their footsteps.”

We all need to be alert to any signs of progress being scaled back in London’s challenging job market. Our consultants are seeing some evidence of this, particularly for highly technical roles requiring specialised skillsets.

The Cyber Security Contractor Market in London

As cyber security contractor recruiters, we find that London continues to be the main location of activity, certainly compared to the rest of the UK and Europe, including Germany. That said, we’re seeing an overall decline in the number of employers hiring contractors and other interim staff, and London isn’t immune to that downward trend.

Many contractors are struggling to find genuine day-rate contract work. Fixed-term contracts can still be found, but being salaried, they represent ‘the worst of both worlds’ for contractors, with job insecurity combined with a permanent rate of pay.

That’s why we’ve seen a lot of contractors move across to permanent roles.

On a reassuring note, for experienced contractors with broad and versatile technical expertise, the prospect of finding high-quality work remains high. And our latest survey reveals that 80% of employers used contractors in 2024, similar to the previous year.

Insourcing/Inshoring or Outsourcing/Offshoring Cyber Security?

Cybersecurity goes through regular insourcing and outsourcing cycles. A company will make its team redundant and offshore its cyber security operations. This is particularly popular in economically challenging periods. But when problems such as breaches arise, many go back to insourcing and rebuild their local team.

In 2025, there are signs that outsourcing is back in vogue in London, due to cost pressures.

Emigration of Cyber Security Professionals

The final trend I identify in the London cyber security job market is the increase in professionals looking to leave the UK. Many people working in cyber security roles in London don’t have British nationality and are internationally mobile. They’re keen to move to countries, mainly in Asia and the Middle East, where they believe there are more opportunities.

A Dip or a Slump?

I don’t think any cyber security recruiter in London has seen such a long dip. Nobody expected the job market doldrums to last until 2025. It’s quite plausible that organisations were planning to increase their budgets until the employer NI rise and other financial pressures intervened.

But although there are more candidates for cyber security jobs than there used to be, we can confirm that there are still some attractive roles coming on to the market, particularly at mid-level.

In my next blog post, I’ll discuss the rising demand for mid-level cyber security professionals in the current job market.