71% of cybersecurity professionals globally saw zero salary increase in 2025. In the UK, it's worse: 77% went without a raise. Meanwhile, 45% of all tech workers got pay bumps, and in DevOps, that number hit 56%. The data comes from Harvey Nash, which surveyed 53 countries.
"Cybersecurity has become a victim of its own effectiveness," said Ankur Anand, CIO at Harvey Nash. When teams do their jobs well and nothing blows up, executives stop seeing the value. AI is also making attackers faster and more creative. New models capable of autonomous exploit development are raising the stakes. The UK's National Cyber Security Centre reported a 50% jump in severe attacks in under a year. Security teams are working harder against bigger threats for the same money. The increased capability of AI models to find flaws has changed the landscape.
The structural problem underneath all of this: entry-level security jobs are vanishing. SOAR platforms now handle up to 90% of Tier 1 SOC alerts automatically. The log triage and alert correlation work that used to train junior analysts is being eaten by algorithms. You end up with a market that only wants senior engineers but has no way to produce them. The pipeline is broken.
Security professionals now rank in the bottom three for workplace satisfaction, alongside QA testers and infrastructure staff. This for a role that's supposedly in the top three most in-demand positions in tech. 24% of those staying in their jobs admit they're not confident they'd find anything better right now. They're staying because the alternatives look worse.