Security awareness managers

The world is constantly changing! That means the environment within which information security is delivered is always changing. As quickly as the industry responds to a new threat or a change in regulations, hackers find a different way to infiltrate our systems and there’s more learning to be done.

With each new development, organisations have to try and make their entire staff aware of the risks and how to combat them.

Even those organisations that had resolutely managed to bury their heads in the sand for as long as possible were finally forced to take action with the introduction of GDPR in the EU last year. That has led to a large increase in infosec roles across the board, but particularly for security and privacy awareness managers, who have never been in such high demand.

Security Awareness Managers’ salaries are growing!

That growth is reflected in the rising salaries of key positions in the sector, which grew by an average of 6.3% last year (a lot when you consider that average wage growth in the UK was 2.9%).

The average salary for security awareness managers has far outstripped both of those figures, increasing a massive 20% in just one year to take the average annual salary to £60-90k.

Why are Security Awareness Managers so important?

Security awareness managers bridge the gap between the information security function and staff. As hackers recognise, employees are often the weakest points of entry, so employee awareness and, more importantly, behaviour are of vital importance.

Whether it’s a phishing scam or an attempt to get people to download malware, employees are often targeted. It’s their lack of awareness and the choices they make that can lead to malicious or, more often than not, accidental breaches.

Security awareness managers are essential for trying to reduce user error leading to successful cyber-attacks or accidental breaches.

Some organisations are adding the responsibility for security awareness, behaviour and culture to other roles within the security function.

However, an increasing number are recognising the need for dedicated and skilled resources if they are looking for meaningful change. After all, increasing awareness to drive changes in behaviour may sound simple, but it’s certainly not easy and takes considerable time.

We are witnessing more and more HR, L&D and internal comms team members attending our workshops and being upskilled, enabling them to work alongside security professionals to help change staff levels of awareness of, and influence behaviour towards, security risks.

What does the future of cybersecurity hold?

The Capgemini Digital Transformation Institute survey asked 501 employers whether they perceive demand for cybersecurity within their organisation to be high now and in the future:

  • 68% – high now
  • 72% – will be high in the next 2-3 years
  • 69% – will be high in the next 4-5 years

Our own research and conversations have led us to the same conclusion – we think there’ll be a shortage of security awareness managers for some time to come. Here in the UK, it may get worse before it gets better as the outcome of Brexit is still unknown, though it is almost inevitably going to make it harder to hire the right people from outside the UK.

This is good news for outsourcers (like us!) and creates an opportunity to help more clients (through consultancy, training, mentoring, and hands-on comms) as we expect more and more organisations to fill infosec roles like Security Awareness Managers with external help.

What we hope it doesn’t do is create opportunities for hackers. And part of our mission is to upskill infosec professionals around the world to make sure that doesn’t happen.