Observe ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- There is a huge mismatch between demand and rewards in cyber.
- Working strain is simply prone to improve as a result of using AI.
- Safety workers ought to concentrate on technique and communication abilities.
Virtually 20% of organizations have reported a major security attack up to now two years, and the risk surroundings, whether or not as a result of legal exercise or the rise of recent AI-enabled fashions, comparable to Anthropic’s Mythos, continues to evolve at breakneck velocity. Nevertheless, the cybersecurity professionals who assist their enterprises handle these challenges do not feel adequately rewarded — and most are fed up with the state of affairs.
That is the conclusion from the newly launched Harvey Nash Global Tech Talent & Salary Report, which surveyed over 3,646 know-how professionals globally. Whereas 19% of respondents reported a significant assault at their agency up to now 24 months, these working within the safety specialism have been the least prone to report a pay improve over the past 12 months.
Additionally: These 4 critical AI vulnerabilities are being exploited faster than defenders can respond
Solely 29% of cyber professionals stated they’d acquired extra compensation for his or her efforts, which is in stark distinction to different roles, the place at the least half of tech professionals acquired a pay improve in 2025, particularly in DevOps (56%), product administration (51%), and enterprise evaluation (50%).
“The analysis clearly tells us that there is a huge mismatch between the demand and the reward in cyber,” stated Ankur Anand, group CIO at know-how and expertise options supplier Nash Squared, which owns tech recruiter Harvey Nash, the agency that produced the survey.
“I believe this mismatch is as a result of complacency of many boards saying nothing unhealthy has occurred in the previous couple of years, so safety have to be high quality. And that is the irony — that when safety groups are doing a lot, and so they’re stopping harm to the group, they’re getting the least recognition.”
Motivation is waning
Unsurprisingly, the survey discovered that safety specialists have had sufficient. Folks working in cybersecurity are the third-most sad IT professionals globally (23%), simply behind these working in high quality assurance/testing (24%) and infrastructure/assist (25%).
What’s extra, the dearth of recognition and a normal sense of despondency imply virtually half (49%) of cybersecurity professionals wish to transfer jobs within the subsequent 12 months, effectively above the worldwide common (39%) throughout know-how roles.
“Cyber is likely one of the few roles the place success is invisible, and failure could be very seen,” stated Anand, referring to the age-old enterprise problem of too many executives assuming safety is okay as a result of their group hasn’t been attacked.
Additionally: 10 ways AI can inflict unprecedented damage in 2026
Nevertheless, this complacency might rapidly turn out to be a significant difficulty. Whereas 80% of organizations haven’t suffered a significant assault up to now two years, a failure from senior executives to acknowledge the dimensions of the cyber problem and to take care of their safety groups might imply the enterprise is subsequent within the firing line.
In these circumstances, the place cybersecurity considerations proceed to rise, and corporations proceed to stall at rewarding and retaining their proficient workers, many professionals can really feel their motivation for work begin to wane.
“It is the mix of the dearth of recognition, the strain by way of making certain that the harm will not be finished, and that provides to the workload due to the legacy tech stack and the distributed workforce construction that’s doing the harm to individuals’s motivation,” stated Anand.
AI brings new threats
Crucially, the working strain is simply prone to go a method: upwards. The rise of AI brings new fashions, methods, and dangers. Anand stated organizations and safety professionals should take into account the velocity at which AI is evolving and its seemingly affect on enterprise operations.
“After I overview the risk vectors with my head of safety, it boggles my thoughts in regards to the variety of vulnerabilities that outsiders try to compromise within the enterprise IT surroundings, and that actuality makes it very demanding to work within the safety group,” he stated.
Such is the tempo of change that Anand stated the risk surroundings is shifting quicker than most organizations can structurally adapt. He commonly speaks with digital leaders at different firms who say they’ve invested closely in safety however nonetheless wrestle to deal with the threats.
Additionally: AI is quietly poisoning itself and pushing models toward collapse – but there’s a cure
Some business specialists are involved that current fears about the pace of AI-enabled change are just the starting point. Anand acknowledges that the hype surrounding Anthropic’s Mythos mannequin is justified, with the potential for this mannequin and different AI-powered improvements to disrupt the entire business.
“These developments present how AI can uncover all these sleeping vulnerabilities in methods,” he stated.
“Anthropic, as a accountable group, is attempting to make sure that the important thing platforms are addressing these vulnerabilities. Nevertheless, you additionally should take into consideration whether or not different non-responsible risk actors will create comparable instruments.”
Taking a proactive strategy
Briefly, the business is true to be involved about Mythos, and the ramifications might imply extra strain for cyber professionals. Nevertheless, it is not all unhealthy information, and the analysis means that AI might assist to scale back the pressure on safety workers.
Cybersecurity professionals (48%) are the third-most seemingly IT staff to not really feel threatened by AI taking their jobs, behind firmware/{hardware} engineers (55%) and know-how leaders (58%). Anand stated safety specialists perceive that AI creates new dangers but additionally generates new alternatives.
“AI will not be eradicating the necessity for safety; it’s growing it, and that is the place a cyber skilled provides worth — they may outline what beauty like,” he stated. “You’ll want to assume, ‘Okay, how do I contribute to the AI technique of our group and guarantee what we do is throughout the guardrails of the laws and knowledge safety legal guidelines?'”
Additionally: 5 security tactics your business can’t get wrong in the age of AI – and why they’re critical
With the analysis suggesting that nearly half (49%) of cybersecurity professionals wish to transfer jobs within the subsequent 12 months, safety specialists are prone to discover themselves preventing for alternatives in a aggressive labor market. Anand inspired cyber specialists to hone their AI capabilities and to develop abilities in different areas, together with technique and communication.
“The strongest cyber professionals right this moment mix the technical depth of the area with the enterprise context,” he stated. “They will clarify a safety difficulty with out the jargon, with none drama, however by being very sensible in regards to the enterprise affect and the way the agency manages it.”
Quite than burdening the management with technical particulars, essentially the most in-demand cyber workers are conscious of how specialist instruments, comparable to AI, can be utilized to scale back dangers, not improve them. These cyber professionals clarify how good safety apply is essential to the general enterprise technique.
“This focus will not be about audits, findings, and so forth,” stated Anand. “It is a couple of progressive thought course of — it is speaking about cyber strategically by way of enterprise wants, enterprise dangers, and enterprise readiness for the long run.”
