Tech leaders may be building up problems for the future by not sufficiently rewarding their security teamIn the realm of technology, cybersecurity has ascended to the top of the priority list, as the world grapples with an increasing number of sophisticated cyberattacks. The World Economic Forum data suggests that the global cost of cybercrime is projected to skyrocket to a staggering $12.2 trillion by 2031. This places the magnitude of cybercriminal operations on par with some of the world’s largest economies. However, a pressing question arises: Are technology leaders inadvertently courting a cyber resourcing crisis by not adequately rewarding their security teams?
A recent study, Harvey Nash’s Tech Talent & Salary Report 2026, offers a startling insight into the state of affairs in the cybersecurity sector. The report, which collates the views of over 3,600 tech professionals worldwide, paints a rather grim picture. It reveals that cybersecurity professionals are the least likely to have received a pay rise in the past year, with only 29% reporting an increase in their salary. This is a stark contrast to their counterparts in DevOps (56%) and Product Management (51%).
Moreover, cybersecurity professionals are among the least satisfied in the tech workforce, trailing only those in QA/Testing and Infrastructure/Support. Their confidence in receiving a pay rise in the upcoming year is also lower than the average, with only 40% expecting a salary increase compared to the overall average of 44%. Alarmingly, almost half (49%) of cybersecurity professionals are contemplating a job change in the next year, a figure significantly higher than the global average across roles (39%).
These findings are particularly concerning given that cybersecurity skills are the third most sought-after tech skillset worldwide. While leaders acknowledge the critical importance of cybersecurity, they seem to be walking a tightrope, risking the loss of disillusioned team members seeking to transition into other roles.
The crux of the issue appears to be a mismatch between the high-risk responsibility shouldered by cybersecurity teams and the rewards they receive. Businesses often task their cybersecurity teams with managing frontline business risks, but fail to provide commensurate rewards, career progression opportunities, and a conducive work environment. When salaries lag behind market rates, workloads continue to increase, and the role is perceived as a hindrance rather than a facilitator, it’s hardly surprising that employees start considering other options.
This predicament can be aptly described through the concept of “risk debt”. Similar to technical debt, risk debt silently accumulates over time when organizations skimp on investing in their people, capabilities, and tools, even as the threat landscape continues to expand. Undercompensated teams, unfilled positions, escalating alert volumes, and outdated operating models all contribute to deferring risk rather than eliminating it. While the balance sheet may appear healthy in the short term, the liability quietly compounds beneath the surface.
When a cybersecurity incident eventually transpires, the cost is seldom confined to remediation alone. It manifests in slower response times, increased operational disruption, regulatory scrutiny, and reputational damage. Therefore, it is imperative for businesses to recognize the value of their cybersecurity teams and reward them accordingly, to ensure the long-term security and success of their operations.
