Tech leaders may be building up problems for the future by not sufficiently rewarding their security teamIn the realm of technology, cybersecurity has ascended to an unprecedented level of importance. The rise of sophisticated cyberattacks, resulting in high-profile incidents globally, has placed cybersecurity at the forefront of tech leaders’ concerns. The World Economic Forum’s data suggests that the global cost of cybercrime is projected to skyrocket to a staggering USD $12.2 trillion by 2031. This places the magnitude of cybercriminal operations on par with some of the world’s largest economies. However, a pressing question arises: are tech leaders inadvertently courting a cyber resourcing crisis by not adequately rewarding their security teams?
Recent research has revealed signs of dissatisfaction among cybersecurity professionals. Harvey Nash’s Tech Talent & Salary Report 2026, which surveyed over 3,600 tech professionals worldwide, paints a rather grim picture. The findings related to cybersecurity are indeed sobering: cybersecurity professionals are the least likely in the entire tech workforce to have received a pay rise in the past year. Only 29% have done so, which is roughly half the proportion of those working in DevOps (56%) and Product Management (51%).
Moreover, cybersecurity professionals are among the unhappiest in the tech workforce, trailing only those in QA/Testing and Infrastructure/Support. Those in the cybersecurity field are less confident than the average tech worker that they will receive a pay rise in the upcoming year, with only 40% expecting this compared to 44% overall. Alarmingly, almost half (49%) of cybersecurity professionals are considering changing jobs in the next twelve months, a figure significantly higher than the global average across roles (39%) and the fourth highest among all job roles.
These statistics are particularly concerning given that cybersecurity skills are the third most sought-after tech skillset worldwide. Leaders are well aware of the critical importance of cybersecurity, yet they seem to be walking a tightrope, risking the loss of disillusioned team members seeking to transition into other roles.
The risks associated with under-rewarding cybersecurity professionals are evident. Businesses frequently task their cybersecurity teams with front-line defense against business risks. However, they often fail to match this responsibility with commensurate rewards, career progression opportunities, and a conducive working environment. When compensation lags behind market rates, workloads continue to increase, and the role is perceived as a hindrance rather than a facilitator, it’s hardly surprising that attrition begins to seem like the path of least resistance.
This challenge can be viewed through the lens of “risk debt”. Similar to technical debt, risk debt quietly accumulates over time when organizations underinvest in their people, capabilities, and tools, even as the threat landscape continues to expand. Under-rewarded teams, persistent vacancies, increasing alert volumes, and outdated operating models all contribute to deferring risk rather than eliminating it. While the balance sheet may appear healthy in the short term, the liability continues to compound beneath the surface. When an incident eventually occurs, the cost extends beyond mere remediation. It manifests in slower response times, increased operational disruption, regulatory scrutiny, and reputational damage.
In conclusion, tech leaders must recognize the importance of adequately rewarding their cybersecurity teams. Failing to do so not only risks a cyber resourcing crisis but also accumulates “risk debt” that could have far-reaching consequences. It’s high time that businesses match the responsibility they place on their cybersecurity teams with the rewards, progression, and operating environment they deserve.
