A new report from IANS Research and Artico Search highlights growing dissatisfaction with compensation among cybersecurity professionals, with more than 60% considering a job change in the next year. A little research on the job market found a few recent surveys, and this rate is nearly double the national average of U.S. workers contemplating a job move in 2025. In those surveys, the range was between 33% and 35%. Career growth and workplace considerations are among the concerns.
The 2025 Cybersecurity Staff Compensation Benchmark Report reveals widening compensation disparities, career stagnation concerns, and increasing frustration with return-to-office (RTO) mandates, which are intensifying hiring and retention challenges in the cybersecurity industry.
Cybersecurity Staff Juggle Multiple Roles
The report highlights that 61% of cybersecurity professionals now work across multiple security domains, a trend driven by budget constraints and workforce shortages. Many security teams struggle to hire specialists, forcing existing staff to cover overlapping areas such as Security Operations (SecOps), Governance, Risk, and Compliance (GRC), and Application Security (AppSec).
Security leaders warn that multifunctional roles can lead to burnout and dissatisfaction. This is particularly problematic when organizations fail to provide clear career advancement pathways.
Compensation Disparities: Region, Role, and Expertise Matter
Salary trends among cybersecurity roles remain highly competitive. But the report finds a job market with significant regional and role-based pay gaps which can encourage job seekers:
- Security architects and engineers earn the highest average annual cash compensation, at $206,000 and $191,000, respectively.
- Risk/GRC specialists report an average salary of $179,000, while security analysts—often in entry-level roles—earn $133,000.
- Geographic pay differences are stark. Professionals in the U.S. West region receive the highest compensation, with an annual pay gap of $61,000 between the highest- and lowest-paying regions.
- Despite growing demand, Canadian cybersecurity professionals continue to lag behind their U.S. counterparts in pay.
Specialized skills also command a premium. Cloud security, application security, and threat intelligence experts earn significantly more, reinforcing the importance of technical specialization.
Job Satisfaction Plummets Amid Career Growth Concerns
Despite strong salaries, only one-third of cybersecurity professionals would recommend their employer. The report finds that while compensation remains important, professionals prioritize career progression opportunities over salary increases.
- Less than 40% of cybersecurity employees are satisfied with career growth opportunities.
- More than 45% feel frustrated by slow advancement, especially among senior professionals struggling to find the next career step.
“Cybersecurity professionals often feel stuck in demanding roles without opportunities for meaningful career growth,” said Nick Kakolowski, Senior Research Director at IANS Research. “Organizations that fail to invest in leadership development risk losing their most valuable talent.”
Return-to-Office Mandates Threaten Retention
As companies tighten remote work policies, cybersecurity professionals are pushing back. The report finds that:
- 52% of cybersecurity staff currently work remotely, with 43% in hybrid roles.
- 59% of respondents prefer full-time remote work, while only 1% favor returning to the office full-time.
Rigid return-to-office policies could further exacerbate attrition risks as cybersecurity professionals seek more flexible work arrangements elsewhere.
How CISOs Can Improve Retention and Hiring
The report recommends three key strategies:
- Invest in Career Growth
- Offer Competitive Salaries
- Prioritize Workplace Flexibility
“In today’s competitive hiring market, organizations that prioritize compensation, career growth, and work flexibility will have the best chance of attracting and retaining top security professionals,” said Steve Martano, IANS Faculty Member and Partner at Artico Search.
Our Conclusion
One might think this report will serve as a wake-up call for CISOs and hiring managers. But that’s asking a lot. With a high percentage of cybersecurity professionals eyeing job changes, organizations that fail to offer competitive salaries, career growth, and flexible work arrangements risk losing top talent to competitors. They also risk a diminishment of cybersecurity as they deal with distracted staff looking for work elsewhere, empty positions, and the weight of onboarding new personnel. Given the demand due to rising threats, one should expect the job market for cybersecurity experts to remain competitive.
Other News: 2024 State of Pentesting Report: Al Threats Rise Amidst Staffing Shortages(Opens in a new browser tab)
