Observe ZDNET: Add us as a most well-liked supply on Google.
ZDNET’s key takeaways
- There is a massive mismatch between demand and rewards in cyber.
- Working strain is simply more likely to improve as a result of using AI.
- Safety employees ought to concentrate on technique and communication expertise.
Virtually 20% of organizations have reported a significant safety assault prior to now two years, and the risk surroundings, whether or not as a result of legal exercise or the rise of latest AI-enabled fashions, equivalent to Anthropic’s Mythos, continues to evolve at breakneck velocity. Nevertheless, the cybersecurity professionals who assist their enterprises handle these challenges do not feel adequately rewarded — and most are fed up with the scenario.
That is the conclusion from the newly launched Harvey Nash World Tech Expertise & Wage Report, which surveyed over 3,646 expertise professionals globally. Whereas 19% of respondents reported a significant assault at their agency prior to now 24 months, these working within the safety specialism had been the least more likely to report a pay improve over the past 12 months.
Additionally: These 4 vital AI vulnerabilities are being exploited quicker than defenders can reply
Solely 29% of cyber professionals stated they’d acquired extra compensation for his or her efforts, which is in stark distinction to different roles, the place a minimum of half of tech professionals acquired a pay improve in 2025, particularly in DevOps (56%), product administration (51%), and enterprise evaluation (50%).
“The research clearly tells us that there’s a big mismatch between the demand and the reward in cyber,” stated Ankur Anand, group CIO at expertise and expertise options supplier Nash Squared, which owns tech recruiter Harvey Nash, the agency that produced the survey.
“I think this mismatch is due to the complacency of many boards saying nothing bad has happened in the last few years, so security must be fine. And that’s the irony — that when security teams are doing so much, and they’re preventing damage to the organization, they’re getting the least recognition.”
Motivation is waning
Unsurprisingly, the survey discovered that safety specialists have had sufficient. Folks working in cybersecurity are the third-most sad IT professionals globally (23%), simply behind these working in high quality assurance/testing (24%) and infrastructure/help (25%).
What’s extra, the dearth of recognition and a basic sense of despondency imply nearly half (49%) of cybersecurity professionals need to transfer jobs within the subsequent 12 months, effectively above the worldwide common (39%) throughout expertise roles.
“Cyber is one of the few roles where success is invisible, and failure is very visible,” stated Anand, referring to the age-old enterprise problem of too many executives assuming safety is ok as a result of their group hasn’t been attacked.
Additionally: 10 methods AI can inflict unprecedented harm in 2026
Nevertheless, this complacency might rapidly turn out to be a significant concern. Whereas 80% of organizations haven’t suffered a significant assault prior to now two years, a failure from senior executives to acknowledge the dimensions of the cyber problem and to take care of their safety groups might imply the enterprise is subsequent within the firing line.
In these circumstances, the place cybersecurity considerations proceed to rise, and corporations proceed to stall at rewarding and retaining their gifted employees, many professionals can really feel their motivation for work begin to wane.
“It’s the combination of the lack of recognition, the pressure in terms of ensuring that the damage is not done, and that adds to the workload because of the legacy tech stack and the distributed workforce structure that is doing the damage to people’s motivation,” stated Anand.
AI brings new threats
Crucially, the working strain is simply more likely to go a technique: upwards. The rise of AI brings new fashions, methods, and dangers. Anand stated organizations and safety professionals should think about the velocity at which AI is evolving and its doubtless impression on enterprise operations.
“When I review the threat vectors with my head of security, it boggles my mind about the number of vulnerabilities that outsiders are trying to compromise in the enterprise IT environment, and that reality makes it very stressful to work in the security organization,” he stated.
Such is the tempo of change that Anand stated the risk surroundings is shifting quicker than most organizations can structurally adapt. He repeatedly speaks with digital leaders at different corporations who say they’ve invested closely in safety however nonetheless wrestle to deal with the threats.
Additionally: AI is quietly poisoning itself and pushing fashions towards collapse – however there is a treatment
Some business consultants are involved that present fears in regards to the tempo of AI-enabled change are simply the place to begin. Anand acknowledges that the hype surrounding Anthropic’s Mythos mannequin is justified, with the potential for this mannequin and different AI-powered improvements to disrupt the entire business.
“These developments show how AI can discover all those sleeping vulnerabilities in systems,” he stated.
“Anthropic, as a responsible organization, is trying to ensure that the key platforms are addressing those vulnerabilities. However, you also must think about whether other non-responsible threat actors will create similar tools.”
Taking a proactive method
In brief, the business is correct to be involved about Mythos, and the ramifications might imply extra strain for cyber professionals. Nevertheless, it isn’t all unhealthy information, and the analysis means that AI might assist to scale back the pressure on safety employees.
Cybersecurity professionals (48%) are the third-most doubtless IT employees to not really feel threatened by AI taking their jobs, behind firmware/{hardware} engineers (55%) and expertise leaders (58%). Anand stated safety specialists perceive that AI creates new dangers but in addition generates new alternatives.
“AI is not removing the need for security; it is increasing it, and this is where a cyber professional adds value — they will define what good looks like,” he stated. “You need to think, ‘Okay, how do I contribute to the AI strategy of our organization and ensure what we do is within the guardrails of the regulations and data protection laws?'”
Additionally: 5 safety ways your online business cannot get flawed within the age of AI – and why they’re vital
With the analysis suggesting that just about half (49%) of cybersecurity professionals need to transfer jobs within the subsequent 12 months, safety specialists are more likely to discover themselves combating for alternatives in a aggressive labor market. Anand inspired cyber specialists to hone their AI capabilities and to develop expertise in different areas, together with technique and communication.
“The strongest cyber professionals today combine the technical depth of the domain with the business context,” he stated. “They can explain a security issue without the jargon, without any drama, but by being very practical about the business impact and how the firm manages it.”
Quite than burdening the management with technical particulars, essentially the most in-demand cyber employees are conscious of how specialist instruments, equivalent to AI, can be utilized to scale back dangers, not improve them. These cyber professionals clarify how good safety follow is essential to the general enterprise technique.
“This focus is not about audits, findings, and so on,” stated Anand. “It’s about a progressive thought process — it’s talking about cyber strategically in terms of business needs, business risks, and business readiness for the future.”
