Harvey Nash data: 71% of cybersecurity workers globally saw no salary increase in 2025, while workload and threat volume grew.
Key Takeaways
Only 29% of infosec professionals got a raise vs 45% of all tech workers and 56% of DevOps, the top-paid discipline.
UK was worst: 77% of security staff saw zero salary growth despite a 50% rise in NCSC’s most severe incident category.
Harvey Nash CIO Ankur Anand attributes stagnation to boardroom complacency – successful teams make threats invisible to leadership.
AI is simultaneously expanding the attack surface and eliminating entry-level security roles, shifting the market firmly in employers' favor.
24% of security professionals who are staying put admit it is because they lack confidence they'd find better elsewhere, not because of genuine satisfaction.
Hacker News Comment Review
Commenters frame cybersecurity as a cost center, not a profit center – making it structurally first in line for budget cuts and last for raises.
The Munger incentive point surfaces: US breach penalties (credit monitoring letters) are so weak that companies face no real financial pressure to invest in security talent.
Consensus is that the dynamic is self-reinforcing: good security is invisible, invisibility breeds complacency, complacency kills retention, attrition degrades security.
Notable Comments
@lenerdenator: “Show me the incentives, and I’ll show you the outcomes” – US breach liability is so light that companies have no structural reason to pay security teams more.