Cybersecurity professionals are increasingly frustrated, with nearly half considering quitting as AI-focused executives block new hires and overlook them for pay rises.
Just 29 per cent of cybersecurity workers received a pay rise last year, according to the Harvey Nash Global Tech Talent & Salary Report of more than 3,600 technologists.
That puts them well behind peers in DevOps (56 per cent), product management (51 per cent) and business analysis (50 per cent).
And while 55 per cent of all technologists are happy in their current roles, job satisfaction among cybersecurity leaders is the third lowest of all IT careers – with just 23 per cent reporting they are happy in their current jobs.
This, as senior business leaders seem to be misunderstanding the reasons for their past success – with just 19 per cent of respondents saying they suffered a major security incident in the last 2 years and 42 per cent reporting there was “no significant impact” from a breach.
Executive complacency about cybersecurity is far removed from the sentiment on the frontlines, where 56 per cent of IT leaders blame breaches on a lack of cybersecurity skills – and just 22 per cent of companies hired security staff after a breach.
Cybersecurity staff are still hard to find, but workers are nonetheless far less likely to get pay rises. Source: Harvey Nash Global Tech Talent & Salary Report
Indeed, a recent Fortinet survey found that while IT leaders know the risks of underinvesting in cybersecurity staff, they’re hitting brick walls when they lobby boards and senior executives for more budget, with 49 per cent struggling to get approval to fund more staff.
Cyber security executives’ relative success in defending their companies, it seems, is backfiring – with senior leaders assuming their past success improving security means they don’t need to invest further.
Workers are most likely to leave because of pay concerns. Source: Harvey Nash Global Tech Talent & Salary Report
“Teams are being asked to defend against AI-driven risks that didn’t exist a year ago, without the resources to match,” said cybersecurity strategist Rishika Mehrotra, noting “the result is a widening gap between responsibility and reward, and growing intent to leave the field.”
AI is a distraction – and a threat
Devaluation of cybersecurity staff comes at a fraught time in security, with AI-driven threats dramatically increasing the volume and efficacy of cybersecurity threats even as vendors like Anthropic debut powerful new models capable of automatically hacking victims.
The volume of malicious bots surged 12.5 times over the last year, according to new figures from Thales, which found 40 per cent of automated bot traffic to be malicious as AI “erases the line between legitimate and malicious activity”.
Integrating AI into business cybersecurity practices has therefore become table stakes – particularly because experience shows even companies that think they’re adopting AI securely are leaving themselves exposed.
Security skills are essential for every business – so why are security experts the least likely in ICT to get a pay rise? Source: Harvey Nash Global Tech Talent & Salary Report
Security firm Proofpoint, for one, recently surveyed 1,400 security professionals in 12 countries and found despite widespread AI adoption, 44 per cent reported a “confirmed or suspect AI-related incident” even though they had implemented AI security controls.
The growing AI security risk is confronting for executives who have proven to be enamoured with AI – and willing to fund it – but seem oblivious to the myriad new threats its introduction has created.
“As AI becomes embedded in how work gets done, security leaders must rethink how they protect trusted interactions across people, data and AI systems,” Proofpoint chief strategy officer Ryan Kalember said, noting a “widening divide between AI adoption and security readiness.”
Executives are focused elsewhere – at their own risk
This widening divide reflects the overall business enthusiasm for AI, which is being rapidly adopted at every level of the business – with varying degrees of success.
For tech workers who want to tap into the executive enthusiasm over AI, there does seem to be one surefire way to earn a pay rise: of those who told the Harvey Nash survey they recently received a raise, fully 55 per cent of said they were “actively upskilling for AI”.
ICT executives report that boards are failing to act to protect increasingly complex ICT environments. Source: Fortinet 2026 Cybersecurity Skills Gap Global Research Report
Despite the relative plateauing of cybersecurity salaries, however, the Harvey Nash survey did offer some hope for those cybersecurity workers that do want to keep their jobs – namely, that they are unlikely to be forced out.
According to that survey just 7 per cent of security roles are highly under threat from AI – one of the lowest results across all IT careers – and 48 per cent of security respondents said they feel their job is not at all threatened by AI which is among the highest of 17 ICT careers analysed.
Executives are becoming less aware of the risks of cybersecurity underinvestment over time Source: Fortinet 2026 Cybersecurity Skills Gap Global Research Report
“Emerging technologies often become either ubiquitous throughout an organisation or fade away completely,” the report said, noting that “the use of AI and cybersecurity have certainly become standard practice in business today.”
“However, achieving optimal results from technology takes ongoing effort and commitment throughout its lifecycle.
“Our research suggests there is still significant room for improvement.”
