Cybersec is a thankless job: expanding workload and shrinking pay packet

Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew

Cybersecurity professionals were the most overlooked workers in IT when it came to pay rises in 2025, according to new figures from recruiter Harvey Nash.

The trend was especially stark in the UK, where 77 percent of all security staff saw no salary increase, although the pattern was observed globally too with 71 percent of infoseccers experiencing wage stagnation.

For context, 45 percent of all tech workers received pay rises across the 53 countries surveyed, and even DevOps - the most generously rewarded discipline - only reached 56 percent. More than half of those working in adjacent disciplines, including infrastructure, AI/ML, and product management, received wage increases.

The pay squeeze is taking a toll: security professionals now rank in the bottom three for overall workplace satisfaction alongside QA testers and infrastructure bods - despite cybersecurity being in the top-three most in-demand positions across the tech industry.

Ankur Anand, CIO at Harvey Nash, the IT recruitment biz which gathered the latest data, told The Register that security salaries are stagnating because successful teams are breeding complacency at the board level.

"Cybersecurity has become a victim of its own effectiveness," he said. "When teams do their job well, the absence of incidents leads to complacency at senior levels. 

"At the same time, AI is expanding the threat surface and increasing the volume, speed, and complexity of what security teams have to deal with. When you layer that onto constant pressure, legacy technology, and highly distributed working models, you end up with a workforce carrying huge responsibility with limited recognition. That combination is a powerful driver of burnout and attrition."

That boardroom complacency sits awkwardly alongside warnings from security authorities. The UK's National Cyber Security Centre reported a 50 percent rise in its most severe attack category less than a year ago, and data from Check Point, Fortinet, and a January World Economic Forum report all point in the same direction: threats are mounting.

The salary data also comes during a period of instability in the cybersecurity job market, with full-time job opportunities starting to plummet due to global economics and technological innovations, like AI, erasing entry-level positions. 

Cybersecurity, like many other industries, is now in an employer-controlled job market – a far cry from the skills-gap panic of recent years.

The mood is visible in why people are staying put: 56 percent cite genuine job satisfaction, but 24 percent admit they're simply not confident they'd find anything better right now. 

Anand concluded: "The data should be a wake-up call. We're asking cybersecurity teams to stand on the front line of business risk, yet too often we're not matching that responsibility with the reward, progression, and operating environment that keeps people in the profession.

"When pay lags the market, workload keeps rising, and the role is seen as a blocker rather than an enabler, it's no surprise that attrition starts to look like the path of least resistance.

"If organizations want to reduce exposure and respond faster when incidents happen, they need to treat cyber talent as a strategic capability: valued, visible, and supported by leadership. The organizations that get this right won't just retain their best people – they'll build trust with customers, regulators, and their own boards." ®