Introduction
Cybersecurity is a crucial aspect of modern businesses, organizations and governments. It has become a critical component in protecting sensitive information and systems from cyber attacks. Nigeria, as one of the largest economies in Africa, has seen a surge in demand for cybersecurity professionals.
To provide a comprehensive understanding of the salary trends in the Nigerian cybersecurity industry, a salary survey was conducted. This article will present the findings of the survey and offer insights into the current state of the cybersecurity job market in Nigeria.
The data was collected in May 2022 from 133 participants and all amount are in Naira(Net of tax and other deductions)
Industry Distribution
The information technology and financial institution had the highest distribution of participants with 39.85 and 26.32% of the participants from these industries. It is not surprising as these are sectors in Nigeria with the highest number of cybersecurity professionals.
Location Distribution
We had participants from different locations and Lagos and Abuja had the highest number of participants with 62.41% and 17.29% respectively. With Lagos being the “headquarters” for tech in Nigeria, it is not surprising that it houses a large number of cybersecurity professionals as well.
| Row Labels | Percentage | Average of Salary |
| Lagos | 62.41% | 294,048 |
| Abuja | 17.29% | 182,043 |
| Not Available | 8.27% | 306,227 |
| Nigeria | 3.01% | 177,250 |
| Kaduna | 3.01% | 109,000 |
| Remote | 0.75% | 350,500 |
| Gusau Zamfara State | 0.75% | 73,000 |
| Enugu | 0.75% | 88,000 |
| Delta state | 0.75% | 79,000 |
| Plateau | 0.75% | 150,000 |
| Ekiti | 0.75% | 150,000 |
| Ibadan | 0.75% | 150,000 |
| Niger | 0.75% | 250,500 |
| Grand Total | 100.00% | 2,359,258 |
How much individual earn by years of Experience
From our survey and data collected, an entry level cybersecurity professional earns an average of 130,947.37 Naira.
| Row Labels | Average of Salary | Count of SN |
| 0-1 year | 130,947.37 | 28.57% |
| 1-3 years | 221,581.63 | 36.84% |
| 3-5 years | 391,983.33 | 22.56% |
| 5- 7 years | 315,437.50 | 6.02% |
| 8 – 10 years | 617,166.67 | 2.26% |
| Above 10 years | 485,900.00 | 3.76% |
| Grand Total | 258,627.82 | 100.00% |
How much Individuals earn based on Roles.
The table below gives an insight on how much cybersecurity professionals are earning(averagely) based on their roles.
| Job Title | Average of Salary | Percentage |
| Information Security Manager | 518,285.71 | 5.26% |
| IT Security Auditor/GRC Analyst | 357,384.62 | 9.77% |
| Security Engineer | 296,535.71 | 10.53% |
| Information Security Analyst | 258,531.25 | 36.09% |
| Cybersecurity/ IT Security Consultant | 216,090.91 | 8.27% |
| Others | 182,458.33 | 18.05% |
| SOC Analyst | 175,406.25 | 12.03% |
| Grand Total | 258,627.8195 | 100.00% |
The Factors Influencing Cybersecurity Professionals Salary in Nigeria.
There are many factors influencing the low earning/pay of the average cybersecurity professional in Nigeria .
Currently the implementation of cybersecurity is happening on two fonts in Nigeria; The Private and public fonts: These two fonts are moving at different pace.
The Private Fonts of Cybersecurity in Nigeria
The private fonts have the likes of Finance and Information Technology focused / reliant organizations within them that are majorly regulated by the Central Bank of Nigeria (CBN), Nigerian Communications Commission (NCC) and others.
These regulations have become a driver and motivation for the massive implementation we have seen in the private fronts where it has been properly observed that many are implementing cybersecurity to stay in compliance with regulations.
We can say this motivation is a contributing factor for the low earning / pay of an average cybersecurity professional in Nigeria, here is why.
Security Budgets Goes to Third party Service Providers
Since the focus is on compliance, many of these organizations are heavily relying on third party service providers (Managed Security Service Providers, Top 4 Risk House) that can help manage their cyber risk to ensure compliance is attained without really caring if security is ensured. Hence, those that are employed inhouse to deal with the operational aspect of managing cyber risk are left to manage the crumbs that are left off the security budget.
Employers should never see Cybersecurity as an after-thought. Cybersecurity should be budgeted for, just like other important part of the business. The salaries of Cybersecurity professionals should make people want to work in Nigeria as a Cybersecurity professional.
Iretioluwa Akerele – Founder, Cybarik
Automation is Eating the Money.
The new trend of how automation is becoming so effective in addressing cybersecurity risk and incidents in terms of response, orchestration and analysis which have thrown many cyber leaders within the private front into the hands of snake oil vendors of cybersecurity products. This technology comes at a very high cost of ownership with promises that it will drastically reduce their need for human analysts.
We have observed that such conditioning has induced many Chief Information Security Officers and Head of Information Security to direct the larger chunk of their cybersecurity budget to just technologies leaving the people aspect to suffer. Decisions like this have also reduced the investment organizations put into training and effectively building competence of human resources (Cybersecurity professionals).
However, we have seen professionals transitioning faster than necessary from one organization to the other due to the low earning / pay, ‘the run for money’ motivation mindset has also bolded the employer choice of not investing on training, making it impossible to really build a formidable team that will be responsible at the operational level.
The Public Font of Cybersecurity in Nigeria
Looking at this same discussion from the public font, many government related organizations are yet to see the value they can get with investing in cybersecurity, so few have a department that is focused on that and others have allowed the responsibility to rest on Information Technology team for now.
Employing a separate team to focus on cybersecurity in the public front will put the human resource on the payroll of the government where they cannot be expected to jump the status quo but follow it as they grow up the ladder of the work/pay scheme. Up until now many does not have a dedicated budget for cybersecurity so to say which is a sign that this discussion is not happening yet at the top level of management or it is not being taken seriously yet at the top level.
So, in a country with a low pay scheme for workers generally on all fronts, it cannot do anything better or different when it comes to cybersecurity.
This is following the saying “you cannot give what you don’t have”. We have seen professionals today taking remote jobs /side gigs to compliment this low pay grade coming from their primary place of assignment for those that can do it, while others have used their organizations as stepping stones to transition out of the country for better opportunities. This trend of foreign transition is what we now call “Japa” which is ravaging all skills dependent sectors of the economy as this number is increasing on a daily basis – To be honest there are other environmental factors as well
Some Thoughts from Cybersecurity Leaders.
Iretioluwa Akerele says: “Cybersecurity salary in Nigeria varies depending on the level of experience, role and organization. The expectations of employers regarding Cybersecurity varies in organizations, this can influence the amount budgeted to pay employees. Based on the result of the analysis and my knowledge of the salary range of some cybersecurity professionals in Nigeria, I believe that organizations can do better. Cybersecurity professionals should be rewarded for the amount of work they are doing. If a potential employee requests for a salary smaller than what was planned during their interview, the employee should not be short-changed. Issues like this may lead to the inability to retain the right talents.”
A Chief Information Security Officer also added “ the salaries for experienced cybersecurity professionals isn’t fair, it should be higher to live a decent life. While the average pay for professionals with less than 1 year work experience can be excused, I believe people with more experience should earn more.
This low earning doesn’t make up for the burnout that a lot of cybersecurity professionals experience, it doesn’t allow them afford decent housing in high-cost cities like Lagos and Abuja where the majority of cybersecurity jobs are. This also contributes to high attrition rate and exodus of our cybersecurity talents to western countries.
Sadly, there’s very little employees can do better in a talent market where there are more talents than available entry level roles. However, I’ll say employees should use their first year at a job to learn on the job and also leverage other perks of the job like paid certifications. This will significantly increase their salary negotiation power at their next job.
Employers should stack up more perks for employees with low wages. Especially housing support, health insurance, staff transportation arrangements. This will reduce the out of pocket expenses that employees have to make. It’s also important to create a friendlier and conducive work environment, as well as policies supporting employees’ professional and personal growth. Employees will be better incentivized to give their best to the organization, with or without a bond.”
Investing in Cybersecurity Professionals
Cybersecurity professionals are in high demand and play a crucial role in protecting organizations from cyber threats and data breaches. Given the increasing sophistication of cyber attacks, the importance of securing sensitive information, and the potential consequences of a successful breach, it is crucial that organizations invest in hiring top-quality professionals in this field.
Cybersecurity professionals are responsible for designing and implementing security measures to protect against cyber attacks, responding to security incidents, conducting risk assessments, and ensuring that security policies and procedures are being followed. They also must stay up-to-date with the latest security technologies and threat intelligence to stay ahead of the evolving threat landscape.
Because of the high stakes involved, it is essential that organizations attract and retain the best talent in the field by offering competitive compensation packages. High salaries and benefits not only help to attract top talent, but also incentivize professionals to continue to develop their skills and stay current with the latest cybersecurity advancements.
In conclusion, cybersecurity professionals are essential to protecting organizations from cyber threats and data breaches, and their expertise and knowledge is critical to ensuring the confidentiality, integrity, and availability of sensitive information. For these reasons, cybersecurity professionals should be paid well as a reflection of the critical importance of their role and the value they bring to organizations.
Authors
Contributors
Oluwatobi Ayodele, Kayode Bamidele.
Thank you Mubarak Adigun for the data visualization
