A report from Harvey Nash has found that despite high profile attacks on some of the UK’s leading companies, many cyber security professionals based in the UK (77 per cent) missed out on pay rises last year – more than any other technology role.
This UK trend was also mirrored across the world – but with slightly fewer (71 per cent) global cyber security professionals missing out on a pay rise. The report says that these findings perhaps beg the question: how hard are organisations working to keep their cyber talent?
The Harvey Nash Tech Talent & Salary Report, surveyed over 3,600 technology professionals globally (1,394 in the UK) and found that almost three times as many UK tech professionals working in Infrastructure/support (60 per cent), DevOps (60 per cent), and AI & Machine Learning (55 per cent) as those in cyber security (23 per cent) received a pay rise last year.
Although the global study found that tech professionals in the UK are the most pessimistic about expectations for more pay, almost three quarters (71 per cent) of those working in AI & Machine Learning, over half of those in Infrastructure/Support (55 per cent) and Software Engineering (53 per cent) expect a salary increase in 2026 – all significantly higher than those in cyber security, where only 45 per cent expect a pay rise.
The Harvey Nash report also found that almost half (48 per cent) of cyber security professionals in the UK are looking to move jobs in the next twelve months – above the UK average (45 per cent) and the 7th highest job role to plan a move.
However, despite almost half of cyber security professionals getting itchy feet, it doesn’t seem to be because of the threat of AI taking their job, rising workloads, or how under resourced they expect their team to be this year. In fact, 61 per cent of cyber security professionals don’t feel threatened by AI taking their job, the second highest behind Technology Leaders (64 per cent). The top three tech roles feeling under most threat from AI in the UK are: 1. QA/Testing, 2. Data/BI/Analytics, 3. Product Management.
“The data should be a wake-up call,” said Ankur Anand, CIO of Harvey Nash. “We’re asking cybersecurity teams to stand on the front line of business risk, yet too often we’re not matching that responsibility with the reward, progression and operating environment that keeps people in the profession. When pay lags the market, workload keeps rising and the role is seen as a blocker rather than an enabler, it’s no surprise that attrition starts to look like the path of least resistance.”
Anand continues: “If organisations want to reduce exposure and respond faster when incidents happen, they need to treat cyber talent as a strategic capability: valued, visible and supported by leadership. The organisations that get this right won’t just retain their best people – they’ll build trust with customers, regulators and their own boards.”
