A fifth of IT security contractors saw a decline in their pay last year, according to the Information Security Solutions bi-annual survey into UK salaries.
Contractors earned an average day rate of £550, with the most significant declines noted in the Midlands, London and the South.
Thirty-eight per cent said their salaries stayed the same, with just 42 per cent reporting an increase.
In contrast, only eight per cent of permanent IT security workers reported a pay cut, while 51 per cent said their salary had increased, and 41 per cent reported static salaries. However, there was a slight decline in the number of respondents who reported a salary increase compared with 2009 (56 per cent).
Generally, the most senior roles appeared to be affected by the pay cuts.
Twelve per cent of respondents holding head of function roles, such as chief information security officer or head of IT risk, reported a pay decrease, compared to none in 2009, while senior managers (58 per cent) and team leaders (56 per cent) reported an increase.
John Colley, managing director of EMEA for (ISC)2, said: “It is interesting to see that the cuts are largely hitting at the top and at the expensive contract resources.
“This suggests a focus on hands-on talent, which is in line with what we have seen in our own research: an expected rise in management focus did not materialise, while more people are reporting being in architectural and operational roles.”
Meanwhile, the survey found that the average UK salary for a head of function role was £103,500.
The highest paid industry for these roles was the financial sector, with an average of £140,000 in salary and bonuses. This was £11,000 more than the second highest paid sector, consultancy, which was the highest in 2009.
However senior IT security managers in the consultancy sector were still best paid, earning an average £114,000, followed by the financial sector with £112,000. Senior managers in education had the lowest pay, an average £65,000.
A total 500 people responded to the survey, which was carried out in March 2011. It polled the membership of organisations including (ISC)2, ISACA, the British Computer Society Information Security Specialist Interest Group and the ISO/IEC 27001 UK user group.