Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- There is a huge mismatch between demands and rewards in cyber.
- Work pressure is only likely to increase with the use of AI.
- Security staff should focus on strategy and communication skills.
Nearly 20% of organizations have reported a major security attack in the past two years, and the threat environment, whether due to criminal activity or the rise of new AI-enabled models like Anthropic’s Mythos, is evolving at a breakneck pace. However, the cybersecurity professionals who help their enterprises manage these challenges do not feel adequately rewarded – and most are fed up with the situation.
This is the conclusion drawn from the newly released Harvey Nash Global Tech Talent and Salary ReportWhich surveyed more than 3,646 technology professionals globally. While 19% of respondents reported a major attack on their firm in the past 24 months, those working in security specialties were the least likely to report a pay increase over the past year.
Also: These 4 critical AI vulnerabilities are being exploited faster than defenders can respond
Only 29% of cyber professionals said they received additional compensation for their efforts, a sharp contrast to other roles, where at least half of tech professionals received a pay increase in 2025, particularly in DevOps (56%), product management (51%), and business analytics (50%).
“The research tells us clearly that there is a huge mismatch between demand and reward in cyber,” said Ankur Anand, group CIO at technology and talent solutions provider Nash Squared.
“I think this mismatch is due to the complacency of many boards that nothing bad has happened over the years, so security must be OK. And that’s the irony – that when security teams are doing so much, and they are protecting the organization from harm, they are getting the least recognition.”
motivation is decreasing
Not surprisingly, the survey found that security experts have enough work. People working in cybersecurity are the third most unhappy IT professionals globally (23%), just behind those working in quality assurance/testing (24%) and infrastructure/support (25%).
Furthermore, a lack of recognition and a general feeling of frustration means that almost half (49%) of cybersecurity professionals want to move jobs in the next 12 months, which is well above the global average (39%) in technology roles.
“Cyber is one of the few roles where success is invisible, and failure is very visible,” Anand said, referring to the age-old business challenge of many executives who believe security is fine because their organization hasn’t been attacked.
Also: 10 ways AI could cause unprecedented harm in 2026
However, this complacency can quickly become a big issue. While 80% of organizations have not suffered a major attack in the past two years, failure by senior executives to recognize the scale of the cyber challenge and take care of their security teams could mean the enterprise is next in the firing line.
Under these circumstances, where cybersecurity concerns are increasing, and companies are struggling to reward and retain their talented employees, many professionals may feel that their motivation to work is beginning to wane.
“It’s a combination of this lack of recognition, the pressure to ensure that harm doesn’t happen, and this increased workload due to the legacy technology stack and distributed workforce structure that is hurting people’s motivation,” Anand said.
AI brings new dangers
Crucially, the pressure at work is likely to go in only one direction: upward. The rise of AI brings new models, technologies and risks. Anand said organizations and security professionals should consider the speed at which AI is developing and the potential impact it could have on business operations.
He said, “When I review threat vectors with my security leader, it boggles my mind about the number of vulnerabilities that outsiders are trying to compromise enterprise IT environments, and that reality makes working in a security organization very stressful.”
Anand said the pace of change is such that the threat environment is moving faster than most organizations can structurally adapt. He regularly speaks to digital leaders at other companies who say they have invested heavily in security but still struggle to deal with threats.
Also: AI is quietly poisoning itself and pushing models towards collapse – but there’s a cure
Some industry experts are concerned that current fears about the pace of AI-enabled change are just the starting point. Anand believes the hype surrounding Anthropic’s Mythos model is justified, as this model and other AI-powered innovations have the potential to disrupt the entire industry.
“These developments show how AI can detect all those vulnerabilities in systems,” he said.
“Anthropic, as a responsible organization, is trying to ensure that major platforms are addressing those vulnerabilities. However, you should also think about whether other irresponsible threat actors will create similar tools.”
taking a proactive approach
In short, the industry is right to be concerned about mythos, and its impact could mean more pressure for cyber professionals. However, it’s not all bad news, and research shows that AI can help reduce the stress on security staff.
After firmware/hardware engineers (55%) and technology leaders (58%), cybersecurity professionals (48%) are the third most likely IT employees who don’t feel threatened by AI taking over their jobs. Anand said security experts understand that AI creates new risks but also new opportunities.
He said, “AI is not taking away the need for security; it is enhancing it, and that’s where a cyber professional adds value – they will define what good looks like.” “You need to think, ‘Okay, how do I contribute to our organization’s AI strategy and ensure that what we do is within the framework of regulations and data protection laws?’”
Plus: 5 security strategies your business can’t get wrong in the age of AI – and why they’re important
With research showing that nearly half (49%) of cybersecurity professionals intend to change jobs in the next 12 months, security specialists may find themselves fighting for opportunities in a competitive labor market. Anand encouraged cyber experts to hone their AI capabilities and develop skills in other areas, including strategy and communication.
“The strongest cyber professionals today combine the technical depth of the domain with the business context,” he said. “They can explain a security issue without any jargon, without any drama, but by being very practical about the business impact and how the company manages it.”
Rather than burden leadership with technical details, the most sought-after cyber employees are aware of how specialist tools like AI can be used to reduce risks, not increase them. These cyber professionals show how important good security practices are to overall business strategy.
“The focus is not about audit, findings etc,” Anand said. “It’s about a progressive thought process – it’s talking about cyber strategically in the context of business needs, business risks and business readiness for the future.”
