Harvey Nash Study Finds 77% of UK Cyber Staff Got No Pay Rise as Workloads Surge
CybersecurityHuman Resources

Harvey Nash Study Finds 77% of UK Cyber Staff Got No Pay Rise as Workloads Surge

Pulse
PulseApr 29, 2026

Why It Matters

The widening pay gap threatens the stability of the cyber workforce at a time when threat actors are becoming more sophisticated and AI‑enabled. If organizations fail to address compensation and workload imbalances, attrition could accelerate, leaving critical gaps in defenses and increasing exposure to costly breaches. Moreover, board complacency—highlighted by the study—may erode governance standards, undermining regulatory compliance and customer confidence. A sustained talent shortage could also slow the adoption of emerging security technologies, as overburdened teams lack the bandwidth to evaluate and implement new tools. This feedback loop may force companies to rely on legacy solutions, further widening the vulnerability gap.

Key Takeaways

  • 77% of UK cyber staff saw no salary increase in 2025, per Harvey Nash survey.
  • 71% of global cybersecurity professionals reported stagnant pay.
  • 45% of all tech workers received raises across 53 surveyed countries.
  • UK NCSC recorded a 50% rise in its most severe attack category in the past year.
  • 24% of cyber workers lack confidence they could find a better job now.

Pulse Analysis

The Harvey Nash findings arrive at a crossroads for the cybersecurity labor market. Historically, talent shortages have driven salary premiums, but the data suggests a reversal: boards are rewarding other tech disciplines while leaving security staff behind. This paradox likely stems from a perception that effective security teams reduce incident frequency, creating a false sense of security among executives. The result is a classic supply‑demand mismatch where demand for cyber expertise is soaring, yet the price signal—salary—remains muted.

From a market perspective, the stagnation could accelerate consolidation in the security services sector. Vendors offering managed detection and response (MDR) or AI‑augmented security operations may become more attractive to firms lacking in‑house talent, shifting spend from personnel to outsourced solutions. However, this shift also raises concerns about data sovereignty and the quality of third‑party defenses.

Looking ahead, the pressure to align compensation with workload will likely intensify as regulatory bodies, such as the EU’s Cybersecurity Act and the U.S. CISA, tighten breach‑notification requirements. Companies that proactively adjust pay structures and elevate cyber teams to strategic partners will gain a competitive edge in both talent retention and risk mitigation. Conversely, firms that ignore the warning risk higher turnover, longer incident response times, and potentially larger financial penalties.

Harvey Nash study finds 77% of UK cyber staff got no pay rise as workloads surge

Comments

Want to join the conversation?

Loading comments...