As cybersecurity teams take on broader responsibilities, infosec professionals are working across multiple security domains.
This is according to the 2025 Cybersecurity Staff Compensation Benchmark Report released by IANS Research and Artico Search, which takes a comprehensive look at cybersecurity staff compensation, job satisfaction, and hiring trends.
The report finds that 61% of cybersecurity staff dedicate at least 30% of their time to multiple functions, with common overlaps in SecOps, GRC, and AppSec. This shift reflects the growing demand for cross-functional expertise, often driven by resource constraints and organisational efficiencies.
Meanwhile, amidst fierce talent competition, organisations with compensation gaps, limited career growth, and strict return to office mandates will face hiring and retention challenges, straining security team development.
As cybersecurity roles expand and evolve, companies that do offer competitive salaries, prioritize leadership development and career growth, and ensure work arrangement flexibility will be best positioned to attract and retain top professionals.
“This year’s data reinforces a critical truth: cybersecurity professionals often feel stuck in demanding roles without opportunities for meaningful career growth,” says Nick Kakolowski, senior research director at IANS Research. “With more than 60% of cybersecurity professionals considering a job change, the key challenge for CISOs isn’t just compensation — it’s creating opportunities for staff to progress in their careers.
“In a market where staff are expected to wear multiple hats, those who see clear paths to leadership and specialisation are the most likely to stay.”
Key findings from the 2025 Cybersecurity Staff Compensation Benchmark Report include:
- Cybersecurity salaries remain highly competitive. Security architects and engineers continue to earn top-tier salaries, with average annual cash compensation of $206 000 and $191 000, respectively.
- IT backgrounds dominate among security professionals. Over 70% of security engineers and more than 50% of security analysts and security architects say their IT backgrounds were essential to landing their current roles.
- Regional pay differences vary considerably. The US West region offers the highest cybersecurity salaries, followed by the Northeast. The Southeast and Central U.S. report lower salaries. The annual compensation disparity between the highest and lowest regions is $61 000 Canada consistently lags behind all US regions.
- Specialized skills drive premium salaries. Cybersecurity professionals with deep expertise in cloud security, application security, and threat intelligence earn significantly more, reinforcing the value of specialisation.
- Employee satisfaction remains low. Only one-third of cybersecurity professionals would recommend their employer. Low satisfaction coincides with perceptions of limited career growth, with fewer than 40% of respondents satisfied with their advancement opportunities and more than 45% expressing frustration over slow progression. While compensation remains a factor, the ability to develop new skills and advance within an organisation has a greater impact on retention.
“In today’s competitive hiring market, companies win top cybersecurity talent when they offer competitive salaries and clear growth potential in the organisation,” says Steve Martano, IANS faculty member and partner at Artico Search.
“CISOs who create growth opportunities for their high-performing team members through leadership training, mentorship, and skill development have a far greater ability to attract and retain top security professionals.”