The UK’s cybersecurity workforce is facing growing pressure, with new data suggesting that dissatisfaction over pay and progression is driving a potential wave of departures from the sector.
According to recent industry research, 77% of UK cybersecurity professionals did not receive a pay rise over the past year, while 48% say they are now considering leaving their roles. The figures highlight a widening gap between demand for cyber skills and the experience of those already working in the field.
The findings come at a time when cybersecurity remains one of the most in-demand areas in the UK labour market, with organisations across finance, government, healthcare, and technology continuing to invest heavily in digital security.
High Demand, Low Retention
The UK has faced a persistent shortage of cybersecurity professionals in recent years, with businesses frequently citing skills gaps as a major risk to operations.
However, the latest data suggests that the issue may not simply be a lack of talent entering the sector, but a growing challenge in retaining existing workers.
Despite strong demand, many professionals report that pay, workload, and career progression are not keeping pace with expectations. This is contributing to rising frustration within the workforce, even as employers continue to struggle to fill vacancies.
Recruitment specialists say this reflects a broader shift in the labour market, where retention is becoming as important as recruitment.
A Growing Risk for Employers
The potential loss of nearly half the workforce presents a significant risk for organisations already facing cyber threats and regulatory pressures.
Cybersecurity roles are often highly specialised, requiring years of training and experience. As a result, replacing skilled professionals is both time-consuming and costly.
High turnover can also create vulnerabilities, particularly where teams are understaffed or reliant on a small number of experienced individuals.
For employers, the challenge is no longer just attracting talent, but ensuring that working conditions, pay structures, and career pathways are competitive enough to retain it.
Pressure on Working Conditions
In addition to pay concerns, cybersecurity professionals report increasing workloads and responsibility.
As organisations become more reliant on digital infrastructure, the scope of cybersecurity roles has expanded. Teams are often expected to manage a growing range of risks, from data breaches to ransomware attacks, while maintaining compliance with evolving regulations.
This combination of high responsibility and limited reward is contributing to burnout in some parts of the sector.
The result is a workforce that is both in high demand and under increasing strain.
Barriers to Entry Remain
At the same time, access to cybersecurity careers remains uneven.
While demand for skills is high, entry into the sector can be challenging without specific qualifications, certifications, or experience. This creates barriers for those looking to transition into cybersecurity from other industries or backgrounds.
There are also ongoing concerns about diversity within the sector.
Women and ethnic minorities remain underrepresented in cybersecurity roles, limiting the potential talent pool at a time when employers are actively seeking to expand capacity.
Improving access to training and creating clearer entry pathways could help address both skills shortages and diversity gaps.
A Shift in the Narrative
The latest data raises questions about how the UK approaches skills shortages.
Rather than focusing solely on attracting new entrants, there is growing recognition that retention must play a central role in workforce strategy.
If nearly half of cybersecurity professionals are considering leaving their roles, the issue is not just supply—but the conditions under which people are working.
Looking Ahead
As cyber threats continue to evolve, the demand for skilled professionals is expected to remain high.
However, without changes to pay, progression, and working conditions, employers may struggle to retain the talent they already have.
The data suggests that addressing the cybersecurity skills gap will require more than recruitment alone. It will depend on whether organisations can create roles that are not only in demand, but sustainable and attractive over the long term.
Kim Cockayne