Denis Medvedev via iStock / Getty Images Plus
Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways reveal a deep disconnect between the soaring demand for cybersecurity expertise and the tangible rewards granted to professionals in the field. The sector is facing mounting pressure, particularly as artificial intelligence rapidly transforms how both threats and defenses are created. Experts now emphasize that future success in cybersecurity will depend not only on technical mastery but also on cultivating strategic awareness and clear communication skills that can bridge the gap between IT teams and executive leaders.

Over the past two years, nearly one in five organizations has endured a major cyber incident. These attacks have stemmed from traditional criminal enterprises as well as from more sophisticated, AI-driven models such as Anthropic’s newly introduced Mythos system. The digital threat landscape is expanding at an almost uncontrollable pace, reshaping the security priorities of businesses across industries. Paradoxically, those who dedicate their careers to defending companies from these escalating risks often feel unrewarded—both financially and professionally—and many are increasingly frustrated with the lack of recognition.

These findings come from the recently published Harvey Nash Global Tech Talent & Salary Report, a comprehensive survey that gathered insights from more than 3,600 technology experts worldwide. Although 19% of participants reported that their organization had experienced a significant breach within the past two years, cybersecurity specialists proved to be the least likely of all tech professionals to receive a pay raise during the previous 12 months. In comparison, about half of professionals in other domains—such as DevOps, product management, and business analysis—enjoyed compensation increases in 2025, with rates ranging from 50% to 56%. Only 29% of cyber experts reported any additional financial reward for their efforts.

Ankur Anand, Group CIO at Nash Squared—the parent company of Harvey Nash—summarized the core issue succinctly: there exists a pronounced imbalance between the demand for skilled security talent and the rewards provided in return. Anand attributes this mismatch partly to corporate complacency. Many executive boards mistakenly assume that because no major incident has occurred recently, their systems must be secure. Ironically, this very perception arises because security teams have been so effective at preventing catastrophes that their success remains invisible. When protective efforts function flawlessly, leadership may take stability for granted, overlooking the professionals who ensure it.

Motivation among cybersecurity workers is declining as a consequence. According to the study, IT staff in security roles rank among the unhappiest professionals in the technology sector—third only to those employed in quality assurance, testing, and infrastructure support. Roughly 23% of cybersecurity personnel expressed dissatisfaction with their current roles. Even more striking is that nearly half—49%—intend to change jobs within the next year, significantly higher than the global average of 39% across all technology positions. The reasons are clear: emotional exhaustion, constant high-stakes pressure, and minimal public acknowledgment.

As Anand points out, cybersecurity is a discipline where successful outcomes remain largely invisible while failures are glaringly public. This asymmetry can distort perceptions within organizations, leading executives to underestimate the intensity of the ongoing effort required to maintain security. While four out of five companies have escaped a major cyberattack in the past two years, Anand warns that complacency from senior leaders could make them the next target. In an environment where threats multiply by the month, neglecting staff morale or underinvesting in defensive capabilities could prove devastating.

The combination of inadequate recognition, relentless workload, and outdated infrastructure is taking a profound toll on job satisfaction. Legacy technology frameworks, coupled with increasingly dispersed workforces operating remotely across time zones, complicate every aspect of security management. As Anand explains, cybersecurity professionals face the dual challenge of fending off ever-evolving attacks while simultaneously managing internal operational limitations, both of which erode motivation.

The pressure facing cyber teams will continue to intensify. Artificial intelligence is introducing new models and methods that expand both the opportunities and the vulnerabilities confronting organizations. Anand recounts that reviewing threat vectors with his head of security is often staggering—the sheer number of potential weaknesses being probed by malicious actors is enough to daunt even experienced professionals. The situation has escalated so quickly that many companies struggle to adapt their structures and processes to match the pace of external change, despite making massive financial investments in security infrastructure.

Concerns over AI’s impact stretch far beyond hype. Experts caution that what we witness now—AI systems like Anthropic’s Mythos being capable of uncovering hidden vulnerabilities—is merely the beginning. While responsible developers aim to close these gaps, less ethical actors are likely to exploit similar technology for destructive means. Thus, the same innovations that strengthen defenses may simultaneously empower adversaries.

Nevertheless, not all outcomes are negative. The same research indicates that many cybersecurity experts recognize AI’s potential as a complementary, rather than competitive, force. Nearly half (48%) of security professionals surveyed reported that they do not fear being replaced by AI—second only to hardware engineers and technology executives in this confidence. Anand interprets this as a sign that seasoned cyber practitioners see AI as a tool to enhance their effectiveness. Far from making security redundant, AI amplifies its necessity by creating novel attack paths that must be understood and neutralized. Skilled experts remain indispensable in setting ethical boundaries and ensuring compliance with emerging data protection regulations.

As demand for skilled defenders intensifies, professionals seeking to move jobs will enter an increasingly competitive market. To succeed, Anand advises them to expand their repertoire beyond technical expertise. Building fluency in organizational strategy, risk communication, and AI literacy will be critical differentiators. The strongest cybersecurity professionals are those capable of translating complex technical risks into clear, business-relevant language for senior leaders—an ability that converts cybersecurity from a cost center into a strategic asset.

Ultimately, the most sought-after security experts act not as technical gatekeepers but as strategic enablers. They understand that good governance and thoughtful use of AI can reduce systemic risk rather than compound it. Instead of overwhelming leadership with technical minutiae, they contextualize cybersecurity within broader corporate objectives, discussing not just compliance checklists but long-term resilience, readiness, and innovation. As Anand concludes, this evolution represents a progressive mindset shift—from viewing cybersecurity as a reactive audit function to treating it as an integral component of business strategy and future preparedness.

Sourse: https://www.zdnet.com/article/nearly-half-of-cybersecurity-pros-want-to-quit-heres-why/