7 Key Learnings from Aon’s Global Cyber Security Survey

November 10, 2017


Anyone paying attention to the news should be well aware of cyber security threats. We continue to see high profile cases of organizations announcing data breaches or business operations being shut down as a result of a cyber attack. The risk of damage to any company is significant, so much so that cyber security is now a hot topic that boards of directors are focused. This is a real governance issue and they need to ensure that the company is protecting itself. Cyber security is not just a problem for the Chief Information Officer to worry about anymore.  The entire business, including human resource functions, is taking action to mitigate their organization’s risk. In an earlier blog post about developing a cyber security talent strategy, we laid out several ways compensation professionals need to collaborate with their HR counterparts and the rest of the business to tackle issues such as organization design, staffing a compensation plan design.

We recently conducted Global Cyber Security Compensation and Talent Survey and came up with the 7 key learnings that you will likely find interesting.

  1. Is There a Cyber Security Hiring Crisis?

If you’re not already facing challenges in filling jobs in your information security organization, we suspect that this will change. Over two-thirds of the survey participants expect to increase headcount in cyber security roles in the coming year. And we’re not talking about adding one or two.  Seventy-six percent (75%) of companies plan to add to their cyber security team and nearly half of the organizations plan to increase by more than 5% This amount of increased demand typically results in wages increasing.

  1. Expert Level Security Talent is the Most Sought After

Most pressure for attracting and retaining talent is going to be in the senior technical expert level, as well as the technical expert level. Given the need of most companies to plan, design or engineer their overall security framework, the Security Architecture roles are by far, the most sought after.

  1. First Stop – Filling Security Roles from Within

Interestingly, companies are reporting that horizontal job moves are the most prevalent hiring strategy they plan to use for filling those open roles.  Horizontal job moves are great for getting people who know the organization and systems, but without a corresponding investment in skill development, it’s hard to envision how horizontal job moves from other roles will provide the senior level of technical expertise within cyber security.

  1. HR Professionals are Thirsty for Cyber Security Market Data

Participation in the survey was through the roof. We had over 700 participating organizations in the survey, representing the full range of industries. And it’s not just the number of companies that participated, but also the full range of thirty-nine (39) benchmark jobs within this still nascent market that companies matched. 

Why is that learning significant? Compensation pro’s are feeling the heat within their organizations to make sure they can help attract and retain the talent the organization needs.  There’s too much risk at stake for them.

  1. Demand for Talent is Driving Up Wages

Not surprising at all based on the increase hiring that companies are beginning to do for cyber talent, but 60% of the participating companies plan to increase compensation to retain their cyber security talent. One approach compensation professionals may take in situations of high demand is to pay hot skills premiums as a temporary pay type. In situations though were the demand is expected to be more of a long-term need, the approaches more often result in higher base salaries, higher incentive targets, or both.

In the survey this year, the majority of companies indicated that they plan to target pay at the 75th percentile of the market for their cyber security talent.

  1. Does LTI Differ Compared to Other Senior Manager Roles?

 Surprisingly, the data thus far does not suggest that companies are loading up their senior level managers with long-term incentive awards at a materIally different rate than others in the Information Technology job family or even other functions in the organization.  We find it surprising because it is common to see equity awards used as a retention tool in hot markets, particularly for senior management roles.  We suspect that because cyber security is still a nascent discipline, higher LTI award values are not showing up yet. This will be one to watch as we move ahead in future years.

  1. Stacking Up Targeted Total Cash for Technical Experts

 We looked at the progression of targeted total cash for the individual contributor roles as they progress up the JobLink levels.  There is a noticeable jump as we climb up to the Senior and Expert levels (JobLink 6 and 7). This supports the perspective that companies reported about where they plan to focus their hiring efforts by bringing in talent at the senior technical expert levels.

The Cyber Security Compensation and Talent Survey is an essential data source for compensation leaders who need to help their organization mitigate their data security risks.  Contact us to learn how you can purchase the results from this year and get on-board for participating in 2018. 




Previous Article
Tackling Trusted Traditions: Examining Life Insurer Sales Incentive Design Practices
Tackling Trusted Traditions: Examining Life Insurer Sales Incentive Design Practices

When considering sales incentive design practice among life insurers, the chorus from Fiddler on the Roof m...

Micro Labor Market Analyses
Micro Labor Market Analyses