Home
Jobs
Upload CV
Find Talent
Careers
The 2026 Barclay Simpson Salary Survey & Recruitment Trends Guide: Cyber Security and Data Privacy in Germany
Content overview
Germany’s cyber security and data privacy permanent job markets
AI in Germany’s cyber security and data privacy job markets
Equality, diversity and inclusion in Germany’s cyber security and data privacy job markets
Salary and bonus trends in Germany’s cyber security and data privacy job markets
Cyber security and data privacy in Germany salaries
Barclay Simpson has been producing market reports across the areas we recruit for since 1990. For the 2026 edition of our Salary Survey and Recruitment Trends Guide for the cyber security and data privacy market in Germany, we surveyed cyber security and data privacy professionals and their employers to gather their views on the issues affecting the profession.
This includes trends affecting permanent jobs and contract jobs, as well as wider developments shaping the cyber security and data privacy market, such as artificial intelligence and equality, diversity and inclusion. We also examine current salary trends and provide the latest salary ranges for cyber security and data privacy jobs in Germany.
Germany’s cyber security and data privacy permanent job markets
2025 was a year that ended relatively well for cyber security recruitment in Germany – despite the country’s ongoing macroeconomic challenges – with growing numbers of new cyber security positions emerging in the last quarter.
As for the country’s broader economic downturn, there appeared to be no end in sight. German statistics agency Destatis reported that insolvencies rose by 15% in December 2025, compared with the same period in 2024.
Germany’s difficulties, traditionally confined to specific sectors, affected the entire economy. In 2025, there were more than 17,600 company insolvencies, according to the Leibniz Institute for Economic Research. The production and manufacturing sectors were particularly badly hit.
What are the biggest challenges to securing a new role at the moment?
| Challenge | % candidates |
|---|---|
| Advertised salaries or day rates are too low | 83% |
| Challenging recruitment processes | 46% |
| Too few jobs being advertised | 33% |
| Hesitant to move from current role | 17% |
| Other | 4% |
Respondents could select all options that applied
On a positive note, the huge amount of digital transformation work still to be undertaken in Germany gave hope for cyber security employment growth.
“Many German companies paused their digital transformation programmes for a while,” says Kieran Green, Principal Consultant at Barclay Simpson. “But as production cycles come to an end and with the NIS2 Directive now implemented into national law, digital transformation is becoming a pressing priority.”
Although not as publicised as their British counterparts, German cyber attacks have increased significantly in recent years. 89% of German companies were affected by data theft or misuse in 2023–25, according to PwC’s Digital Trust Insights 2026. The same study found that only around 15% of German companies had invested in proactive security and resilience measures.
“The shock of UK cyber attacks such as Jaguar Land Rover has reverberated throughout the German business world,” says Kieran. “Leaders recognise the need to build up their SOC and SIEM processes as well as cyber defence capabilities.”
“The shock of UK cyber attacks such as Jaguar Land Rover has reverberated throughout the German business world.”
Impact of cyber security and data privacy regulations on recruitment
A packed regulatory environment kept security teams on their toes and drove demand for skilled cyber professionals. The EU AI Act and NIS2 were among the newcomers requiring attention. At the centre of these developments was the BSI, the Federal Office for Information Security, which pushed for stronger resilience and cyber security maturity, particularly in KRITIS (critical infrastructure).
2026 promised to be a critical year for the NIS2 directive, which establishes a broad cyber security framework. Germany’s NIS2UmsuCG Implementation Act came into force in December 2025.
“Although much of NIS2 was previously covered by NIS and ISO 27001, it does go into more detail on cyber maturity and resiliency,” says Kieran. “And it also applies to far more companies than before. I believe that NIS2 will prompt the creation of new roles to revamp existing infrastructure and develop risk management methodologies.”
“I believe that NIS2 will prompt the creation of new roles to revamp existing infrastructure and develop risk management methodologies.”
The Cyber Resilience Act came into force in December 2024, mandating the reporting of serious security incidents from September 2026.
Cyber security and data privacy recruitment growth areas
Although the economic downturn created significant recruitment challenges in sectors such as production manufacturing, the German cyber security and data privacy jobs market was not without its bright spots.
Financial services was one such example, with a burgeoning need to build out cyber resilience across the sector.
“In financial services, we’re seeing an intensifying focus across the three lines of defence compared to recent years,” says Kieran. “This has led to the creation of more positions such as first-line and second-line governance control. But most of the work has resulted from DORA, with financial services businesses building up their first-line and second-line implementation teams. And findings from DORA audits have alerted boards to weak security or resilience posture.”
“In financial services, we’re seeing an intensifying focus across the three lines of defence compared to recent years. This has led to the creation of more positions such as first-line and second-line governance control.”
There was considerable recruitment activity – mainly in the second line of defence – in business continuity management (BCM) across the German market.
Collaboration between BCM and IT service management on first-line implementation featured prominently in recruitment, as businesses built up their disaster recovery plans and business continuity processes.
In financial services, BCM advanced into the second line, with direction from ITSM and DORA for implementation.
2025 also saw significant growth in cloud security roles, mainly away from Azure in favour of GCP and AWS, with the latter signalling its potential to become Germany’s market leader in cloud security.
Seniority in the cyber security and data privacy job market
In common with other countries, Germany’s cyber security and data privacy employers showed a marked favour for recruiting mid-level professionals in 2025.
“Many CISOs are clearly staying in their current roles due to fears of losing the next job they move to,” says Kieran. “We’re seeing a moderate rise in mid-tier levels, from senior expert to senior manager, but no real increase from CISO upwards.”
Meanwhile, at senior management level in particular, employers were looking for candidates with the skills to cover more areas than would have been the case in the past.
How confident are candidates in the current job market?
Amid a deep economic downturn, it was perhaps unsurprising to see a drop in candidates’ confidence levels.
| Confidence level | % candidates in 2025 | % candidates in 2024 |
|---|---|---|
| Very confident | 24% | 56% |
| Somewhat confident | 56% | 31% |
| Not at all confident | 20% | 13% |
AI in Germany’s cyber security and data privacy job markets
Across the German economy, use of generative AI was close to the European average. An extensive survey by the European Investment Bank found that 39% of German firms were using generative AI, compared to an EU average of 37%.
It was in manufacturing that both Germany and Europe stood out, with a number of impressive early adopters, such as Siemens, which had introduced AI at its Bavarian factory over five years previously.
“There’s a mix of buoyancy and caution in Germany’s approach to AI,” says Kieran. “The buoyancy is particularly apparent in Berlin with its vibrant AI startup scene. More broadly, though, a more cautious approach is discernible, with many expressing concerns about moving too quickly with AI.”
“There’s a mix of buoyancy and caution in Germany’s approach to AI.”
The EU AI Act provided a focal point of reassurance for those keen to exercise caution. Applicable from August 2026, it provides a risk-based framework, and is intended to foster adoption and growth. Providers will need robust risk management, high-quality training data and comprehensive technical documentation.
However, many businesses expressed concern that the EU AI Act would create too much red tape, slowing down development. The EU pushed back on areas of the Act deemed particularly onerous. The hope was that this would result in a simplified AI risk framework that would encourage investment and commercial adoption, in turn increasing opportunities for governance professionals.
AI is already making its mark on recruitment. In our survey of cyber security and data privacy candidates in Germany, 61% of respondents said they had used AI to improve their chances at the job application stage.
Looking at the overall recruitment process, however, 49% said that AI was not making recruitment processes either more effective or efficient.
What impact do you think AI has on recruitment processes?
% of candidates
In line with that finding, 46% of candidates felt that AI worsened the recruitment processes, and only 20% thought that there was an improvement. A significant proportion of respondents, 34%, had not noticed any use of AI during the recruitment process.
Equality, diversity and inclusion in Germany’s cyber security and data privacy markets
As a leading recruiter in its areas of specialism, Barclay Simpson is well-positioned to present an annual picture of equality, diversity and inclusion (EDI) in Germany’s cyber security and data privacy job markets. Every year, we gather anonymised data to improve understanding of candidate perspectives and organisational commitment in this area.
To which gender do you most identify?
| Gender | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| Male | 83% | 81% |
| Female | 17% | 13% |
| Prefer not to say | 0% | 6% |
The data reflects the continued gender imbalance in Germany’s cyber security and data privacy talent pool, with 83% of respondents identifying as male and 17% as female.
Candidates’ views shifted slightly in 2025, with fewer describing EDI as ‘very important’ and more selecting ‘somewhat important’.
Candidates’ personal view of EDI
| How important is EDI to you personally? | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| Very important | 37% | 44% |
| Somewhat important | 46% | 37% |
| Not at all important | 17% | 19% |
Candidates’ view of employers’ commitment to EDI was considerably more positive than negative, as it also was in the previous year’s survey.
Organisational commitment to EDI
| Response | 2025 % candidates | 2024 % candidates |
|---|---|---|
| Strongly agree | 32% | 25% |
| Agree | 29% | 50% |
| Neutral | 29% | 19% |
| Disagree | 7% | 0% |
| Strongly disagree | 3% | 6% |
Turning their attention to organisational impact, few surveyed candidates strongly agreed that their employer’s commitment to EDI made a real difference. That said, even fewer candidates disagreed.
Impact of employers’ commitment to EDI
| Response | 2025 % candidates | 2024 % candidates |
|---|---|---|
| Strongly agree | 22% | 0% |
| Agree | 24% | 31% |
| Neutral | 37% | 50% |
| Disagree | 15% | 6% |
| Strongly disagree | 2% | 13% |
Salary and bonus trends in Germany’s cyber security and data privacy job markets
It can be hard to make broad-brushed statements about salary movements in an economy as large and complex as Germany’s. Overall, however, there was a slight downward trajectory in Germany as macro conditions began to bite.
“Against a challenging economic backdrop, employers tended to be less generous than in previous years as budgets shrank,” says Kieran Green, Principal Consultant at Barclay Simpson. “With the rise in redundancies, we saw more unemployed candidates accepting lower salaries to stay in work.”
“Against a challenging economic backdrop, employers tended to be less generous than in previous years as budgets shrank.”
There were exceptions, financial services being a significant one. In that sector, we saw starting salaries increase as work generated by the DORA framework continued. A shortage of cyber security and data privacy professionals with a financial services specialism was a secondary factor.
As is often the case, niche areas such as operational technology security proved resistant to this downward trend, due to a skills shortage in Germany.
Bonuses lose top benefit position
Our latest survey revealed a shift in candidates’ rankings of employment benefits. The annual bonus, previously the most valued benefit, slipped down to third position.
The most valued employment benefits
| Benefit | 2025 | 2024 |
|---|---|---|
| Remote working | 46% | 32% |
| Flexible working | 27% | 12% |
| Annual bonus | 12% | 44% |
| Training allowance | 7% | 0% |
| Company share options/Share save scheme | 5% | 0% |
| Private healthcare | 3% | 0% |
| Enhanced pension scheme | 0% | 12% |
The financial value of bonuses, meanwhile, presented a mixed picture. From our survey we saw that more employers were paying bonuses and more employees were receiving bonuses in the range of 1–20%. But there was also a drop in bonuses of 21–30%.
What was your most recent bonus as a percentage of salary?
| Bonus as % of salary | 2025 | 2024 |
|---|---|---|
| 0% | 19% | 31% |
| 1–10% | 42% | 31% |
| 11–20% | 22% | 19% |
| 21–30% | 2% | 12% |
| 31–40% | 8% | 6% |
| 41–49% | 2% | 0% |
| Prefer not to say | 5% | 0% |
Remote working
In the place of bonuses, remote and flexible working assumed greater importance. In our latest survey, 46% of candidates identified remote working as their most valued benefit, compared to 32% in the previous year’s survey. And 90% ranked remote working somewhere in their top three benefits.
The resurgence of ‘return to work’ demands from German employers seems to be intensifying the appreciation of remote working patterns. It also seems to translate into reality. While in 2024, 50% of surveyed candidates were working remotely five days a week, for example, in 2025 this number was down to 29%.
| How many days a week do you work remotely? | 2025 % candidates | 2024 % candidates |
|---|---|---|
| 5 days – fully remote | 29% | 50% |
| 4 days | 15% | 12.5% |
| 3 days | 24% | 12.5% |
| 2 days | 20% | 19% |
| 1 day | 2% | 6% |
| 0 day – full time in the office | 10% | 0% |
The number of candidates wishing to work on a fully remote basis also dropped, from 38% in 2024 to 32% in 2025.
Candidates chase after career development opportunities
39% of professionals in Germany surveyed in 2025 cited career development as their top incentive for changing jobs, compared to only 18% in the previous year when the leading motivator was remuneration, at 50%.
Along similar lines, job security has leapt up to 24% (from 0%) as candidates’ top motivation. It marks the first time in our surveys that job security has become more important than remuneration to candidates considering cyber jobs in Germany.
“German professionals are narrowing their focus to core career considerations such as job security, skills development and progression.”
“Our survey findings are strikingly different from previous years,” says Kieran. “It’s becoming clear that in a tougher job market, German professionals are narrowing their focus to core career considerations such as job security, skills development and progression.”
What is your main priority when considering a new role?
| Candidates’ main priority when considering a new role | 2025 | 2024 |
|---|---|---|
| Career development | 39% | 19% |
| Job security | 24% | 0% |
| Remuneration | 15% | 50% |
| Remote working | 10% | 12.5% |
| Work/life balance | 10% | 12.5% |
| Better benefits | 2% | 6% |
Remuneration remained important though, with 30% of job candidates citing ‘advertised salaries or day rates are too low’ as the biggest challenge when securing a new role. And although remote working lost some standing as a job change driver, 61% of candidates surveyed said they would consider moving if they did not have the remote/office working pattern they wanted.
Cyber security and data privacy Germany salaries
The following tables provide an overview of current salary benchmarks for key cyber security and data privacy roles. Figures reflect average base salaries and day rates for professionals across Germany, as well as those working remotely.
Leadership salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| CISO (Global / EMEA) | €180k+ | €180k+ | €180k+ |
| Head of Cyber Defence | €130k–€200k | €130k–€200k | €130k–€200k |
| Head of IT Risk | €130k–€200k | €130k–€200k | €130k–€200k |
| Head of GRC (Cyber Risk) | €120k–€170k | €120k–€170k | €120k–€170k |
| Head of Information Security (dept above 10+) | €160k+ | €160k+ | €160k+ |
| Head of Information Security (dept under 10+) | €100k–€160k | €100k–€160k | €100k–€160k |
| Head of Security Architecture | €130k–€200k | €130k–€200k | €130k–€200k |
| Head of Security Operations | €120k–€150k | €120k–€150k | €120k–€150k |
| Head of Incident Response | €110k–€150k | €110k–€150k | €110k–€150k |
Governance, risk and compliance salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Business Information Security Officer | €115k–€160k | €115k–€160k | €115k–€160k |
| Information Security Manager (team above 5+) | €95k–€135k | €95k–€135k | €95k–€135k |
| Information Security Manager (team under 5+) | €85k–€120k | €85k–€120k | €85k–€120k |
| Information Security Officer | €100k–€130k | €100k–€130k | €100k–€130k |
| IT Risk Manager | €95k–€140k | €95k–€140k | €95k–€140k |
| Third Party Risk Lead | €85k–€115k | €85k–€115k | €85k–€115k |
| Information Security Analyst | GRC | €60k–€85k | €60k–€85k |
| Information Security Analyst | GRC (exp below 4+ years) | €50k–€75k | €50k–€75k |
Security architecture and engineering salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Application Security Architect | €100k–€140k | €100k–€140k | €100k–€140k |
| Application Security Engineer | €90k–€120k | €90k–€120k | €90k–€120k |
| DevSecOps Engineer | €90k–€120k | €90k–€120k | €90k–€120k |
| Information Security Engineer | €75k–€110k | €75k–€110k | €75k–€110k |
| Cloud Security Architect | €110k–€150k | €110k–€150k | €110k–€150k |
| Cloud Security Engineer | €90k–€120k | €90k–€120k | €90k–€120k |
| Enterprise Security Architect | €120k–€160k | €120k–€160k | €120k–€160k |
| Security Solutions Architect | €90k–€150k | €90k–€150k | €90k–€150k |
Cyber defence salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Security Operations Analyst | €45k–€85k | €45k–€85k | €45k–€85k |
| Security Operations Manager | €90k–€130k | €90k–€130k | €90k–€130k |
| Head of Security Operations | €120k–€150k | €120k–€150k | €120k–€150k |
| Cyber Threat Intelligence Analyst | €60k–€90k | €60k–€90k | €60k–€90k |
| Head of Cyber Threat Intelligence | €110k–€150k | €110k–€150k | €110k–€150k |
| Incident Response Analyst | €60k–€90k | €60k–€90k | €60k–€90k |
| Incident Response Lead | €90k–€120k | €90k–€120k | €90k–€120k |
| Head of Incident Response | €120k–€150k | €120k–€150k | €120k–€150k |
| Head of Cyber Defence | €130k–€160k | €130k–€160k | €130k–€160k |
| SOC Engineer | €55k–€95k | €55k–€95k | €55k–€95k |
Business continuity salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Business Continuity Analyst | €35k–€60k | €30k–€55k | €35k–€60k |
| Business Continuity Specialist | €70k–€90k | €70k–€90k | €70k–€90k |
| Business Continuity Manager | €60k–€85k | €60k–€75k | €60k–€85k |
| Business Continuity Lead | €80k–€120k | €80k–€120k | €80k–€120k |
| Head of Business Continuity | €100k–€140k | €100k–€140k | €100k–€140k |
Operational resilience salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Operational Resilience Analyst | €50k–€60k | €50k–€60k | €50k–€60k |
| Operational Resilience Specialist | €70k–€90k | €70k–€90k | €70k–€90k |
| Operational Resilience Manager | €70k–€95k | €65k–€80k | €70k–€95k |
| Operational Resilience Lead | €90k–€120k | €90k–€120k | €90k–€120k |
| Head of Operational Resilience | €100k–€150k | €100k–€130k | €100k–€150k |
Identity and access management salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Head of IAM | €120k–€140k+ | €120k–€140k+ | €120k–€140k+ |
| IAM Manager | €90k–€130k | €90k–€130k | €90k–€130k |
| CIAM/PAM Lead | €95k–€120k | €95k–€120k | €95k–€120k |
| IAM Product Owner | €95k–€120k | €95k–€120k | €95k–€120k |
| IAM Architect | €90k–€120k+ | €90k–€120k+ | €90k–€120k+ |
| IAM Engineer | €75k–€95k | €75k–€95k | €75k–€95k |
| IAM Analyst | €60k–€85k | €60k–€85k | €60k–€85k |
Penetration testing salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Entry level Penetration Tester | €45k–€55k | €45k–€55k | €45k–€55k |
| Mid Level Penetration Tester | €55k–€95k | €55k–€95k | €55k–€95k |
| Manager level Penetration Tester | €95k–€125k | €95k–€125k | €95k–€125k |
Security transformation salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Information Security Programme Manager | €100k–€140k | €100k–€140k | €100k–€140k |
| Information Security Project Manager | €65k–€110k | €65k–€110k | €65k–€110k |
| Information Security PMO Manager | €75k–€120k | €75k–€120k | €75k–€120k |
| Information Security Business Analyst | €75k–€120k | €75k–€120k | €75k–€120k |
| Information Security Service Delivery Manager | €70k–€100k | €70k–€100k | €70k–€100k |
Data protection and privacy salaries
| Job role | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Analyst | €50k–€65k | €45k–€60k | €50k–€65k |
| Senior Analyst | €60k–€75k | €55k–€65k | €60k–€75k |
| Manager | €80k–€115k | €80k–€115k | €65k–€95k |
| Lead | €90k–€120k | €75k–€100k | €90k–€120k |
| Privacy Council (Lawyer) | €90k–€140k | €75k–€120k | €90k–€140k |
| Data Protection Officer | €100k–€150k | €90k–€140k | €100k–€150k |
| Global Privacy Officer / Director | €140k–€200k | €120k–€160k | €140k–€200k |
| Group / Global Head of | £100k–£150k | £90k–£140k | £90k–£140k |
| Chief Privacy Officer / Director | £150k–£250k | £120k–£160k | £120k–£160k |
Ai governance salaries
| Job role | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Analyst | £60k–£70k | £55k–£65k | £55k–£65k | £450–£500 |
| Senior Analyst | £70k–£100k | £60k–£90k | £60k–£90k | £450–£500 |
| Manager | £100k–£130k | £90k–£120k | £90k–£120k | £450–£550 |
| Lead / Head of | £130k–£150k | £125k–£145k | £125k–£145k | £500–£750 |
| AI Counsel | £100k–£150k | £75k–£120k | £75k–£120k | £700–£900 |
| Group / Global Head of | £120k–£160k | £110k–£150k | £110k–£150k | £900–£1,200 |
| Chief AI Officer / Director | £150k–£250k | £150k–£250k | £140k–£200k | £1,000–£1,500 |
Attract and retain the cyber security and data privacy professionals you need with Barclay Simpson
Barclay Simpson has specialised in the recruitment of cyber security and data privacy professionals since 2001. Our practice covers information security, cyber security, technology risk, data protection and privacy. Our established team in Germany has extensive experience of recruiting for permanent in-house and consulting positions across a wide range of sectors. We can help you create a talent attraction strategy with competitive salary offerings and support you as you build a cyber security or data privacy team that’s future proof. Or we can help you find a role that aligns with your long-term career goals. Arrange a consultation today.
If you are interested in a new cyber security or data privacy position or to find out more about our recruitment services, get in touch today.
