Skip to main content
Cybersecurity

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads

Person sitting at desk with laptop and papers, surrounded by empty office spaces, with a neutral and slightly concerned…

"Cybersecurity has become a victim of its own effectiveness," Ankur Anand, CIO at Harvey Nash, told The Register.

Harvey Nash survey: pay freezes amid rising demand

New data from global recruiter Harvey Nash paints a stark picture: 71% of information-security professionals worldwide saw no salary increase in the last year. The situation was worse in the UK, where 77% of security staff experienced wage stagnation. Those figures come from a survey of tech workers across 53 countries.

By contrast, 45% of all tech workers reported pay rises. DevOps professionals were the most likely to benefit, with 56% receiving salary increases. More than half of employees in adjacent disciplines — including infrastructure, AI/ML, and product management — also saw pay increases. Despite cybersecurity being one of the top-three most in-demand roles in the tech sector, security teams now sit in the bottom three for overall workplace satisfaction, alongside QA testers and infrastructure staff.

Boardroom complacency collides with rising threats

Anand linked pay stagnation to a paradox: when security teams prevent incidents, absence of visible harm can breed complacency among senior leadership. "When teams do their job well, the absence of incidents leads to complacency at senior levels," he said.

That complacency comes as multiple indicators show the threat environment is worsening. The UK's National Cyber Security Centre reported a 50% rise in its most severe attack category less than a year ago. Data from security vendors Check Point and Fortinet, and a January World Economic Forum report, all point in the same direction: threats are mounting. Anand warned that AI is compounding the problem by expanding the attack surface and increasing the volume, speed, and complexity of what security teams must handle.

Employer-controlled market and shrinking entry opportunities

The cybersecurity labour market has shifted from the recent "skills-gap" panic to an employer-controlled environment. Harvey Nash reports full-time job opportunities are beginning to plummet as global economic pressures combine with technological change — notably AI — that is erasing entry-level positions. That combination reduces mobility for workers even as workloads grow.

The survey also captures why many security professionals are staying put: 56% cite genuine job satisfaction, while 24% say they are not confident they would find anything better right now. The net effect, according to Harvey Nash, is a workforce facing rising responsibility with limited recognition — a recipe for burnout and attrition.

What this means for technologists, enterprises, and regulators

  • Technologists and security teams: Higher workloads, legacy technology, and distributed work models are increasing pressure. With pay lagging and progression limited, burnout and attrition become more likely, even among in-demand roles.
  • Enterprises and procurement leaders: Harvey Nash warns that treating security as a cost centre rather than a strategic capability risks slower incident response and greater exposure. Anand says organizations need to match responsibility with reward, progression, and leadership support to retain talent and build trust with customers and boards.
  • Regulators and security authorities: Rising counts of severe attacks reported by the UK's National Cyber Security Centre, and corroborating vendor and forum reports, underscore a disconnect between boardroom perception and operational risk that regulators will watch closely.

A wake-up call from Harvey Nash

Anand framed the findings as an urgent management challenge: "The data should be a wake-up call. We're asking cybersecurity teams to stand on the front line of business risk, yet too often we're not matching that responsibility with the reward, progression, and operating environment that keeps people in the profession." He concluded that organizations which "get this right" will not only retain talent but "build trust with customers, regulators, and their own boards."

The survey lays down a clear choice for corporate leaders: translate the evident demand for cyber skills into compensation and operating support, or accept the operational fragility that follows growing workloads and shrinking pay.

Read the original story