Cybersecurity has taken centre stage in the UK this year. With threats growing more sophisticated and regulatory scrutiny tightening, businesses are investing heavily to protect their data, systems and people. As a result, demand for cyber professionals is climbing at pace, and the competition to secure top talent is intensifying. At Harvey Nash, we’ve seen cybersecurity evolve from a back-office concern to a boardroom priority. Over the past year, the nature of hiring has shifted. Employers are looking for more than just technical firepower. They want strategic thinkers who can embed security into every part of the organisation. 2025 feels like a turning point. The risks are greater, the stakes are higher, and the need for experienced, capable cyber talent is now critical. As a recruitment partner, our role is to help organisations understand what’s happening in the market, and how to respond. Why Cybersecurity Talent Is in High Demand Across the UK, cyber threats are increasing in both frequency and severity. The Nash Squared/Harvey Nash Digital Leadership Report revealed 29% of digital leaders have experienced a major cyberattack in the past 2 years, ending a 5-year decline. The National Cyber Security Centre has also reported a significant rise in ransomware, phishing campaigns and attacks on critical infrastructure. For many businesses, the challenge is no longer just preventing breaches, but also being ready to respond, recover and learn. At the same time, regulations are tightening. From data protection requirements to the Online Safety Act, organisations face growing pressure to demonstrate strong governance and accountability. For sectors like finance, healthcare, energy and the public sector, this is especially urgent. Digital transformation is also playing a role. As cloud adoption accelerates and hybrid working becomes the norm, the attack surface expands. New technologies bring incredible opportunities, but also introduce new risks. These combined forces are making cybersecurity talent one of the most sought-after resources in the UK job market today. Key Cybersecurity Trends Shaping the UK in 2025 To understand the hiring landscape, it’s important to look at what’s actually happening on the ground. Here are the key trends shaping the cybersecurity conversation this year. Ransomware remains a major threat Attackers are becoming more targeted, more professional and more damaging, according to the Nash Squared/Harvey Nash Digital Leadership Report organised crime remains the biggest concern for digital leaders. Public services, councils and healthcare providers continue to be high-profile victims. This is driving demand for security operations specialists, incident response teams and forensic analysts. Supply chain risk is under the spotlight Breaches linked to third-party providers have exposed vulnerabilities beyond company walls. In response, organisations are investing in governance, risk and compliance roles to help manage vendor relationships and strengthen oversight. AI is creating both opportunities and risks Artificial intelligence is helping defenders automate responses and improve detection. But it is also giving attackers new tools to generate phishing emails, create deepfakes or even write malicious code. Employers are starting to look for professionals who understand how to manage this emerging risk. Data privacy is more important than ever The UK Information Commissioner’s Office is taking a more assertive stance on enforcement, particularly around how customer data is stored and shared. This has led to growing interest in privacy-focused roles, especially in data-heavy sectors like retail and financial services. Zero Trust architecture is gaining traction Many organisations are moving towards a Zero Trust approach, where nobody inside or outside the network is trusted by default. This model requires specialists who understand identity management, access control and modern network design. Cloud misconfigurations are still causing problems Despite advances in tooling, simple mistakes in cloud setup continue to be a leading cause of breaches. This has made cloud security engineers essential, particularly those who can work closely with DevOps teams. Human error remains a challenge People are still at the heart of many breaches, whether through phishing, mis clicks or insider mistakes. Employers are increasingly focused on awareness, behaviour and building a culture of shared responsibility across their teams. The Most In-Demand Cybersecurity Roles for 2025 The hiring market is being shaped by a push for resilience, agility and long-term thinking. Cybersecurity has emerged as the third most in-demand skill, with talent shortages up 6% on last year. These cyber focused roles are seeing consistent demand across the UK: SOC Analyst – Specialists who monitor threats, investigate incidents and act as the first line of defence.Typical salary: £40,000 to £60,000 Cloud Security Engineer – Experts in building and securing infrastructure in AWS, Azure or Google Cloud.Typical salary: £70,000 to £100,000 GRC Specialist – Professionals who align security with risk, compliance and governance frameworks.Typical salary: £60,000 to £90,000 IAM Lead – Focused on identity and access management, a vital area as companies adopt Zero Trust models.Typical salary: £65,000 to £95,000 DevSecOps Engineer – Combining development, operations and embedded security across the software lifecycle.Typical salary: £75,000 to £110,000 Threat Intelligence Analyst – Providing real-time insight into evolving threats and advising on proactive measures.Typical salary: £50,000 to £85,000 Cybersecurity Analyst – A key all-rounder role, analysts monitor networks, investigate suspicious activity and support incident response efforts. They are often the first to identify and flag vulnerabilities.Typical salary: £45,000 to £70,000 We’re also seeing new hybrid titles emerge, such as Cyber Risk Manager or AI Security Consultant, reflecting the broader integration of security across the business. The Skills Employers Are Prioritising Employers are looking for more than technical knowledge, they’re searching for people who can make a real impact. Core technical skills include: Cloud security Incident response and threat hunting Identity and access management Zero Trust architecture Familiarity with UK regulatory standards and NCSC guidance Certifications often requested: CISSP, CISM, CISA CompTIA Security+ ISO 27001 Cloud security credentials (e.g. AWS or Azure certification) Soft skills are playing a bigger role too: Strong communication, especially with non-technical stakeholders Problem-solving in fast-moving environments Collaboration across departments Adaptability and strategic thinking Security is no longer confined to the IT team. Cyber professionals need to work closely with legal, operations, HR and even marketing , making soft skills essential. Challenges in Hiring Cybersecurity Talent There is no shortage of demand, but there are still real barriers when it comes to finding the right people. There simply aren’t enough candidates, particularly in areas like cloud security, GRC and threat analysis. Top talent is being snapped up quickly, often with multiple offers on the table. Hiring processes can be too slow or not well aligned with the role, leading to missed opportunities. Many employers struggle to assess technical capability, especially for niche roles. Cybersecurity professionals often need to be approached directly. Many are not actively applying for jobs, but may be open to a change if the role and organisation feel right. How Harvey Nash Supports Cybersecurity Recruitment At Harvey Nash, we have been supporting UK organisations with technology recruitment for over 35 years. Cybersecurity is now a fast-growing part of that journey. While this may be a newer specialism for us, we bring depth of experience, a broad talent network and a reputation for delivering results. We focus on understanding what makes each organisation unique, and tailoring our approach to find people who not only match the job description, but align with culture, values and long-term goals. Our consultants are embedded in the UK technology ecosystem and speak to cyber professionals every day. We’re able to advise on salary expectations, skill trends, and how to position roles in a competitive market. If you are building out your cyber team in 2025, and looking for a recruitment partner who understands both the urgency and complexity of the task, we’d love to talk. Please contact us here. Find all our cybersecurity jobs here. Conclusion Cybersecurity is no longer just an IT issue, it’s a board-level priority and a key pillar of operational resilience. The landscape is changing fast, and the organisations that succeed will be those that invest early in the right people. 2025 is shaping up to be a defining year for cybersecurity hiring. Whether you’re scaling up your team, building capability from scratch, or rethinking your security strategy, the right talent can make all the difference. At Harvey Nash, we’re here to help you navigate the market, connect with the right people and build a team fit for the future. If you’d like to explore how we can support your cybersecurity hiring plans, get in touch with our team here.  Mo Gaibee – Cyber Security

The demand for AI skills is outpacing supply at an extraordinary rate. According to the latest Nash Squared/Harvey Nash Digital Leadership Report, 51% of global tech leaders now say their organisation has an AI skills shortage, almost double the 28% reported just a year ago. AI has leapt from sixth to the number one most-scarce skill in just 18 months, marking the steepest rise seen in over 15 years of research. Featured in a recent ZDNet article, Nash Squared CIO Ankur Anand , offers timely insight into why the gap has grown so significantly, and what organisations can do to address it. He points to the speed of innovation as a key factor: “There’s an unprecedented pace of development in generative AI and the supporting large language models… Professionals must learn new skills quickly, and traditional learning methods can’t keep pace.” The article explores how forward-thinking leaders are adapting, from rethinking recruitment to embedding continuous learning, and ensuring their organisations can attract and retain the right blend of AI expertise and ethical awareness. You can read the full ZDNet article, including Ankur Anand’s insights and reflections on the fast-moving AI skills landscape, here.

Harvey Nash’s Helen Fleming, Executive Director, and Peter Birch, Director of Technology and Digital Executive Search recently featured in a Computing article exploring why some technology leaders are receiving inflation-busting salary increases, and what sets them apart. Drawing on the latest insights from the 2025 Harvey Nash Digital Leadership Report, the article reveals that over half of technology leaders globally received a pay rise last year, with 11% securing an uplift of over 10%. The data points to a clear pattern, the most rewarded leaders are working in businesses where technology is seen as a growth engine, not just a cost centre. These organisations are more likely to be investing in AI at scale, expanding their tech teams, and backed by leaders who view technology as a strategic enabler. Helen and Peter share advice for tech leaders looking to improve their earning potential - from aligning with forward-thinking, tech-driven organisations to choosing sectors with stronger demand and budgets for senior digital talent, such as financial services, healthcare, and defense. To find out how the most successful leaders are shaping their careers – and their compensation – read the full article in Computing.

Skills shortages continue to stalk the technology industry. Although not as acute as in the post-pandemic period, large proportions of technology leaders admit that skills shortages are holding them back. In this year’s Nash Squared/Harvey Nash Digital Leadership Report (DLR), AI tops the list with 51% of leaders reporting a skills shortage, but other areas rank highly too, notably big data/data engineering (36%), cyber security (33%), and cloud and platform engineers (26%). It isn’t just that these skills are hard to find – some technology leaders may not have the headcount room to recruit additional staff. Although a healthy 41% of technology leaders expect to see headcount growth in their teams this year, this is down from 50% in 2023. Budgets follow a similar pattern – with a slight fall in leaders expecting a technology budget increase, from 45% in 2023 to 39% now. While many digital leaders are still anticipating headcount and budget growth, the numbers have subsided somewhat in a tighter economic environment.  The DLR shows us that for many technology leaders, at least part of the solution to this conundrum is outsourcing – using external solution providers for specific projects and activities. Over four in ten technology leaders expect their use of outsourcing to increase in the coming year, compared to 34% who say directly employed headcount will rise, and 29% who expect indirectly employed headcount (contractors, temporary staff) to increase. Only 15% of leaders expect outsourcing to decrease, a much lower proportion than those who say that of direct employment (25%) and indirect (20%). Tech leaders’ sentiment towards increasing outsourcing in the coming year has been backed up by Statista, that forecasts the IT outsourcing market  will  be worth £44bn in 2025, with a projected annual growth rate of over 9% from 2025-2029.  Outsourcing attractions Given the cost of outsourcing as a solution, it may seem almost counter-intuitive that it tops the list at a time of economic caution. However, I believe there are a number of compelling factors that are putting it higher on tech leaders’ agendas. Firstly, outsourcing is very flexible. In times of uncertainty, having a resourcing model that can quickly ramp up and down as needed is appealing.  Secondly, it’s easy. Most organisations, certainly large ones, will have agreements already in place with a number of consultancies and solutions providers that can be activated or extended when needed. It’s a quick and straightforward fix to a resourcing or workload issue. It’s a reflection too of how the barrier between what lies inside an organisation and what lies outside has lowered. Technology itself, like cloud and the productisation of software and business activities that previously were home-grown, has made it easier for some things, especially operational activities, to be done externally. The explosion in remote working has lowered the barrier even further. It is also a route to quality. With the right provider, backed up by precise SLAs and rigorous performance metrics, a buyer should be assuring themselves of a good outcome that achieves the goals and objectives set. It’s rather like the old saying that “no one got fired for buying IBM”. If you’re using a leading consultancy/solutions provider, you should be on safe ground. With ever more solutions specialists and niche providers in the market, it’s also possible to find support for practically any need – whether that’s a managed service, application transformation, cyber, data and AI, or cloud. There are often a number of wider benefits too. Beyond the immediate work they’re doing, a good consultancy will offer wider guidance, best practice insights and thought leadership on emerging areas such as AI. But perhaps equal to all of these factors in the current climate is that outsourcing doesn’t add to headcount – it’s just spend. As long as there is room in the existing budget, there is no need – or only a limited one – for difficult discussions with HR or other leadership. At a time when the cost of employment is rising through NI increases, and when IR35 changes are also making the use of contractors more complicated, contracting with an outsourced service provider becomes more attractive.  Balancing resourcing models This is something we’re seeing ourselves at Harvey Nash, where increasingly more clients are asking us to put together a team of people under a services agreement, rather than to recruit individuals in different roles. It’s a variation on going to a services provider and is becoming a more common ask across the recruitment industry. That’s not to say other models won’t continue to be key. Indirect employment of contractors and freelancers remains another flexible tool that always grows when market conditions are tight. Meanwhile, organisations continue to hunt for the right talent to bring in internally. Tech leaders still place primacy on their own teams. Candidates with the requisite skills and experience remain in demand.  More than anything, our findings underline that managing technology in a continually evolving environment is complex. That’s why technology leaders need to juggle multiple resourcing models and continually assess the balance as they strive to help their businesses modernise, transform and grow.