Full Report
Global recruitment giant says 71% of human firewalls saw wages stagnate last year as threats and responsibilities grew
Analysis Summary
# Industry News: Cybersecurity Salary Stagnation Amid Escalating Threats
## Summary
A comprehensive global study by recruitment giant Harvey Nash reveals that 71% of cybersecurity professionals experienced salary stagnation in 2025, despite the field being one of the most "in-demand" tech disciplines. This trend is driven by boardroom complacency and a shift in market dynamics, leading to a significant disconnect between worker responsibilities and financial rewards.
## Key Details
- **Date:** April 27, 2026
- **Companies Involved:** Harvey Nash (Recruitment/HR), Check Point (Security Research referenced), World Economic Forum (Strategic Partner referenced)
- **Category:** Market Analysis and Workforce Trends
## The Story
While 45% of all tech workers globally received pay raises in 2025, the cybersecurity sector lagged significantly behind. In the UK, 77% of security staff saw no increase, while the global figure sat at 71%. This marks a sharp contrast to disciplines like DevOps, where 56% of workers received raises.
Industry experts attribute this "pay squeeze" to several paradoxes. First, the "success paradox": when security teams are effective, the lack of visible breaches leads leadership to underestimate the necessity of further investment. Second, the "AI paradox": while AI has increased the volume and complexity of threats, it has also led to the elimination of entry-level roles, creating an "employer's market" where companies feel it is no longer necessary to compete aggressively on salary.
## Business Impact
### For the Companies Involved (Harvey Nash)
- Positions the firm as a thought leader in tech talent management, highlighting their ability to identify critical risks in human capital.
### For Competitors
- Managed Security Service Providers (MSSPs) may see an opportunity to pitch outsourced services to companies struggling with internal staff attrition and dissatisfaction.
### For Customers
- Enterprise clients may face increased operational risk as high burnout and low morale among internal security teams lead to talent flight and slower response times.
### For the Market
- The shift from a "skills gap" panic to a saturated "employer's market" suggests a stabilization—or even a potential decline—in the lifetime value of traditional cybersecurity career paths if the trend continues.
## Technical Implications
- **AI-Driven Complexity:** Security teams are managing a wider threat surface created by Generative AI with legacy tools and stagnant budgets.
- **Automation Impact:** The loss of entry-level roles due to AI automation is creating a "missing middle" in the talent pipeline, which could lead to a shortage of senior experts in 3–5 years.
## Strategic Analysis
- **Market Positioning:** Organizations that continue to treat cybersecurity as a cost center rather than a strategic enabler are effectively "under-insuring" their human firewall.
- **Competitive Advantage:** Companies that buck this trend and invest in their security staff will likely achieve higher retention, deeper institutional knowledge, and greater resilience against sophisticated AI-backed attacks.
- **Challenges:** "Boardroom complacency" is the primary obstacle. Without a major incident to act as a catalyst, CISOs struggle to justify salary increases when broader economic conditions remain tight.
## Industry Reactions
- **Ankur Anand, CIO at Harvey Nash:** Warns that security has become a "victim of its own effectiveness," noting that the combination of high pressure and limited recognition is a "powerful driver of burnout."
- **Institutional Outlook:** Warnings from the WEF and security authorities suggest that while salaries are flat, the threat environment is entering its most volatile period yet.
## Future Outlook
- **Predictions:** We expect a "brain drain" from internal corporate security departments toward specialized consulting or non-technical AI roles where compensation is more competitive.
- **Watch For:** Increased attrition rates in Q3 and Q4 2026 as professionals who stayed put out of economic fear begin to seek better "job satisfaction" elsewhere.
## For Security Professionals
Practitioners should note that the market has shifted. Demonstrating value is no longer just about "keeping the lights on" (which leads to complacency). To secure raises in this environment, professionals must align their work with business enablement and risk reduction goals that are visible to the board. The era of the "guaranteed" cyber raise is over; specialized skills in AI governance and strategic risk management are now the primary levers for compensation growth.