Comply with ZDNET: Add us as a most popular supply on Google.
ZDNET’s key takeaways
- There is a massive mismatch between demand and rewards in cyber.
- Working strain is just more likely to enhance resulting from the usage of AI.
- Safety employees ought to give attention to technique and communication abilities.
Nearly 20% of organizations have reported a serious safety assault up to now two years, and the risk surroundings, whether or not resulting from prison exercise or the rise of latest AI-enabled fashions, comparable to Anthropic’s Mythos, continues to evolve at breakneck pace. Nonetheless, the cybersecurity professionals who assist their enterprises handle these challenges do not feel adequately rewarded — and most are fed up with the scenario.
That is the conclusion from the newly launched Harvey Nash International Tech Expertise & Wage Report, which surveyed over 3,646 expertise professionals globally. Whereas 19% of respondents reported a serious assault at their agency up to now 24 months, these working within the safety specialism had been the least more likely to report a pay enhance during the last yr.
Solely 29% of cyber professionals stated they’d obtained extra compensation for his or her efforts, which is in stark distinction to different roles, the place at the very least half of tech professionals obtained a pay enhance in 2025, particularly in DevOps (56%), product administration (51%), and enterprise evaluation (50%).
“The analysis clearly tells us that there is a massive mismatch between the demand and the reward in cyber,” stated Ankur Anand, group CIO at expertise and expertise options supplier Nash Squared, which owns tech recruiter Harvey Nash, the agency that produced the survey.
“I believe this mismatch is as a result of complacency of many boards saying nothing dangerous has occurred in the previous couple of years, so safety should be fantastic. And that is the irony — that when safety groups are doing a lot, and so they’re stopping injury to the group, they’re getting the least recognition.”
Motivation is waning
Unsurprisingly, the survey discovered that safety specialists have had sufficient. Folks working in cybersecurity are the third-most sad IT professionals globally (23%), simply behind these working in high quality assurance/testing (24%) and infrastructure/assist (25%).
What’s extra, the dearth of recognition and a common sense of despondency imply nearly half (49%) of cybersecurity professionals need to transfer jobs within the subsequent 12 months, properly above the worldwide common (39%) throughout expertise roles.
“Cyber is likely one of the few roles the place success is invisible, and failure may be very seen,” stated Anand, referring to the age-old enterprise problem of too many executives assuming safety is okay as a result of their group hasn’t been attacked.
Nonetheless, this complacency might rapidly turn into a serious challenge. Whereas 80% of organizations haven’t suffered a serious assault up to now two years, a failure from senior executives to acknowledge the dimensions of the cyber problem and to take care of their safety groups might imply the enterprise is subsequent within the firing line.
In these circumstances, the place cybersecurity issues proceed to rise, and firms proceed to stall at rewarding and retaining their proficient employees, many professionals can really feel their motivation for work begin to wane.
“It is the mixture of the dearth of recognition, the strain when it comes to guaranteeing that the injury isn’t completed, and that provides to the workload due to the legacy tech stack and the distributed workforce construction that’s doing the injury to folks’s motivation,” stated Anand.
AI brings new threats
Crucially, the working strain is just more likely to go a technique: upwards. The rise of AI brings new fashions, strategies, and dangers. Anand stated organizations and safety professionals should think about the pace at which AI is evolving and its seemingly influence on enterprise operations.
“After I assessment the risk vectors with my head of safety, it boggles my thoughts concerning the variety of vulnerabilities that outsiders try to compromise within the enterprise IT surroundings, and that actuality makes it very traumatic to work within the safety group,” he stated.
Such is the tempo of change that Anand stated the risk surroundings is shifting sooner than most organizations can structurally adapt. He usually speaks with digital leaders at different firms who say they’ve invested closely in safety however nonetheless battle to deal with the threats.
Some trade consultants are involved that present fears concerning the tempo of AI-enabled change are simply the start line. Anand acknowledges that the hype surrounding Anthropic’s Mythos mannequin is justified, with the potential for this mannequin and different AI-powered improvements to disrupt the entire trade.
“These developments present how AI can uncover all these sleeping vulnerabilities in programs,” he stated.
“Anthropic, as a accountable group, is attempting to make sure that the important thing platforms are addressing these vulnerabilities. Nonetheless, you additionally should take into consideration whether or not different non-responsible risk actors will create related instruments.”
Taking a proactive strategy
In brief, the trade is true to be involved about Mythos, and the ramifications might imply extra strain for cyber professionals. Nonetheless, it isn’t all dangerous information, and the analysis means that AI might assist to scale back the pressure on safety employees.
Cybersecurity professionals (48%) are the third-most seemingly IT staff to not really feel threatened by AI taking their jobs, behind firmware/{hardware} engineers (55%) and expertise leaders (58%). Anand stated safety specialists perceive that AI creates new dangers but in addition generates new alternatives.
“AI isn’t eradicating the necessity for safety; it’s growing it, and that is the place a cyber skilled provides worth — they’ll outline what beauty like,” he stated. “You have to assume, ‘Okay, how do I contribute to the AI technique of our group and guarantee what we do is inside the guardrails of the laws and information safety legal guidelines?'”
With the analysis suggesting that nearly half (49%) of cybersecurity professionals need to transfer jobs within the subsequent 12 months, safety specialists are more likely to discover themselves combating for alternatives in a aggressive labor market. Anand inspired cyber specialists to hone their AI capabilities and to develop abilities in different areas, together with technique and communication.
“The strongest cyber professionals in the present day mix the technical depth of the area with the enterprise context,” he stated. “They will clarify a safety challenge with out the jargon, with none drama, however by being very sensible concerning the enterprise influence and the way the agency manages it.”
Slightly than burdening the management with technical particulars, probably the most in-demand cyber employees are conscious of how specialist instruments, comparable to AI, can be utilized to scale back dangers, not enhance them. These cyber professionals clarify how good safety follow is essential to the general enterprise technique.
“This focus isn’t about audits, findings, and so forth,” stated Anand. “It is a few progressive thought course of — it is speaking about cyber strategically when it comes to enterprise wants, enterprise dangers, and enterprise readiness for the longer term.”
