Cybersecurity salaries are rising, but some professionals wonder if the stress and burnout is worth it

Security practitioner salaries have grown by a considerable amount in the last 12 months, but so has the stress associated with the role, according to new research.

A survey of UK cyber professionals between October 2023 and March 2024, conducted by CIISec, found the average wage for a security worker now stands at £87,205.

This is roughly £10,000 higher than the 2023/24 average which was just above £70,000, and almost £25,000 higher than the £62,144 average salary in 2016/17.

When adjusted for inflation the average salary for a cybersecurity professional in the UK has risen 7% in real terms.

But being remunerated this handsomely appears to come at a cost, CIISec found, with 21% of security staff working long hours that are classified as being ‘overworked’.

The report noted that over half (55%) of the respondents said the stress associated with this was keeping them up at night. The fear of suffering a cyber attack was cited by 39% of respondents as hurting their ability to relax at home.

The financial impact an incident could have on their organization was also a considerable factor fuelling stress among 20% of cyber pros, constituting a five year peak.

CIISec’s report noted that mismanaged intrusions can become notorious and haunt those responsible for mitigating the attack. Accordingly, CIISec found that cyber professionals are twice as likely to remember a poorly handled attack than a well-handled one.

What pushes cyber pros to leave their jobs?

Overall, the State of the Profession report found cyber professionals were less positive about staying in their current role than they were last year.

When asked if they see themselves working for the same employer in two years’ time, 20% of respondents said no, compared to just 13% in 2022/23

Although the majority of respondents reporting the stress associated with their role was keeping them awake at night, stress and overwork were no longer listed as one of the top five reasons for leaving their job, CIISec found.

Instead, professionals cited remuneration as the primary reason for leaving their job, despite the fact that this year constitutes a new high for security salaries.

Scope for progression, insufficient training, poor management, and boring work were listed as the four other top factors pushing cyber professionals to look for new roles.

A Blackfrog study of security leaders from the UK and US challenges this finding however, reporting 93% of respondents said stress and job demands were driving the decision to leave their roles.

Blackfrog reported that 45% of security decision makers said they had used drugs or alcohol to manage their heightened stress levels.

When asked what was fueling this anxiety, 42% said they worried about AI-powered attacks, whereas 37% said malware and ransomware attacks caused them the most stress.

Dealing with the flood of alerts and notifications was another factor fuelling burnout among security professionals, the report found, with 63% of respondents saying their team experiences ‘alert fatigue’ that desensitizes them to the urgency of security events.

Virtually every respondent said they are overworked to some degree, with 98% working on average an extra nine hours per week beyond their contract, and 15% stating they worked more than 16 hours over their contracted time.