UK Government Cybersecurity Positions Yield Average Salaries Below £45,000, Research Indicates

UK public sector cybersecurity roles offer an average salary of £44,739 ($60,070) annually, as revealed by a recent study conducted by Bridwell. This cybersecurity firm analyzed 768 job listings across various sectors on the recruitment platform Indeed.

The findings indicate that government and public administration roles offer some of the lowest average salaries in cybersecurity. The only sector that reported lower salaries was non-profit and non-governmental organizations (NGOs), with an average compensation of £40,750 ($54,717).

The UK government has faced criticism for its low salary offerings in cybersecurity in recent years. An example of this was a 2023 job listing for a head of cybersecurity at HM Treasury, which garnered backlash for specifying an annual salary range of only £50,550–£57,500 ($67,877–$77,209).

In a March 2025 meeting, Cat Little, the civil service’s COO, informed the UK’s Public Accounts Committee that salary increases for government cybersecurity specialists are essential to effectively compete for talent against the private sector.

According to the study, industries providing the highest average cybersecurity salaries in the UK include insurance at £79,167 ($106,301), legal at £75,000 ($100,706), and finance at £74,998 ($100,703). Conversely, several sectors such as pharmaceuticals and biotechnology, restaurants and food, arts, entertainment and recreation, and property exhibited little to no salary transparency.

Sectors like management and consulting, along with retail and wholesale, also showed minimal salary information availability. In contrast, all government and public administration roles disclosed salary details.

Significant Variation in Sector Demand

The IT industry leads in the number of open cybersecurity roles in the UK, accounting for 27% (209 roles) of the total positions reviewed. This is followed by management and consulting (17%) and finance (15%). Government and public administration roles made up only 3% (23 roles) of advertised positions.

The sectors with the least advertised positions included property (two roles), arts, entertainment and recreation (two roles), and legal (seven roles).

Anthony Young, CEO at Bridewell, noted that while the cybersecurity skills gap is often publicized, the data indicates there is not a surplus of available jobs, particularly for entry-level positions. He emphasized that the skills gap primarily concerns more advanced, senior roles that usually require niche expertise, such as OT security, architecture, and engineering.

Young remarked: “Transparency, whether in pay, job availability, or skill expectations, is critical to closing the gap between job seekers and employers. A more honest dialogue is needed to identify these gaps and collaboratively address them.”