Is tech team remuneration opening up a new form of cyber risk?

by Joseph K. Clark

It is always tricky for any CTO to ensure that remuneration and reward are spread evenly and fairly across a tech team with many different skills and roles. Every contribution is essential, and, through the pandemic especially, there are few areas of tech teams that haven’t been putting in long hours to keep organizations functioning and responding with agility and resilience to highly challenging times.

One of the critical areas of the tech workforce is cyber security. About 40% of organizations have experienced an increase in cyberattacks during the pandemic due to the move to remote working, according to the most recent Harvey Nash/KPMG CIO survey. The peak of remote working may be about to end – in the UK at least – but the more hybrid models that most businesses are likely to move to will also present plenty of opportunities for cybercriminals to try to exploit. The upward trend is almost certain to continue.


Couple that with the familiar picture of cyber skills shortages – cyber security is rated the most critical shortage area in the whole of tech – and attracting and retaining cyber professionals must be among the top priorities of any tech leader. Despite all these factors, businesses risk losing cyber talent by failing to reward cyber staff in line with other areas.

The 2021 Harvey Nash Tech salary & hot skills report, in which we conducted research among almost 6,000 technology professionals from around the world, including key markets such as the UK, the US, Australia, and Germany, found that two-thirds (67%) of cyber professionals have seen their pay either decrease or stay the same during the pandemic. This compares poorly with many other tech roles.

Our data shows that organizations have instead focused on rewarding roles related to releasing value and creating agility for the business. Therefore, the top three roles to experience pay raises have been development management/team leadership (59%), design/UX/UI (50%), and quality assurance (50%).

Meanwhile, those working as a CISO or security specialist were ranked just joint 14th among technology roles worldwide for receiving a pay rise in the past 12 months.

Attraction and retention challenge

Of course, it’s not that cyber professionals aren’t well rewarded. We found that the typical permanent salary in the UK for a cyber security expert is £75,000, with many earning well over £100,000, putting them joint fifth in the list of tech-related roles.

Nevertheless, there will be a demotivating effect if security professionals see others in the tech team receiving higher increases than them (and people do talk). If reward increases don’t keep pace with other roles, the danger is that shortages and the talent war will worsen. Cyber professionals will become harder to attract and retain, becoming less loyal or even beginning to specialize in other high-demand areas instead.

Rewarding staff involved in front-end activities that generate value and increase agility is critically important, but a balance must be struck. The signs are that reward strategies have tipped too far in one direction. This could open up a new kind of cyber risk as organizations struggle to attract and retain the security teams they rely on.

Cyber security has been a high priority for several years, and during that time, remuneration has generally reflected demand. But it seems that the recent crisis has broken that connection as organizations, understandably, have turned towards the customer. As we move beyond the problem, we need to turn back to investing in cyber security.

After all, no customer-facing investment will deliver value if it fails to provide customer trust. Many organizations know that when their systems are compromised or customer data is breached, confidence evaporates quickly and is hard to rebuild. One saying I often return to is: “Reputation arrives on foot and leaves in a Ferrari.” For me, this sums it up. Reputation is hard-won and takes time. But the minute trust is broken, it shoots off into the distance.

Getting the balance right

There is no magic solution here – CTOs have finite budgets and can’t hand out generous pay raises to everybody in the entire team every year. They also need to be wary of price escalation – creating a salary war that becomes unaffordable.

Therefore, it comes down to that question of balance, looking across the tech team and thinking about the total mix. It’s also about evaluating the whole reward package, not just headline salaries. Many people highly value additional benefits (pension contributions, health cover, gym memberships, and so on), as well as flexible working and lifestyle arrangements, and are willing to sacrifice some salary in return. So tech leaders need to bring that lens to the issue as well.

The signs are that reward strategies may have got a little out of kilter – but good CTOs working closely with their HR teams should be able to find ways of putting it back into balance again.
