— Observing the IT market at the turn of 2025 and 2026, it is clear that the cybersecurity sector has become an autonomous economy within the technology industry – says Elwira Marczak, Regional & Digital Director at Randstad Polska.
— While other IT areas are still licking their wounds after employment adjustments and cost optimizations, the security area remains an unshakable bastion, even a “green island”, where the concept of crisis seems to be an abstraction – he adds.
The rest of the article is below the video
Cybersecurity requires a wider range of competencies
The growing demand is not only due to new regulations, but also to the fact that cybersecurity is increasingly becoming detached from classic IT.
— In many companies, digital security is still in the hands of IT teams. Meanwhile, cybersecurity requires different competences than system administration, because it combines knowledge in the field of risk management, audit, law, psychology of user behavior and crisis communication. The lack of a dedicated team means that protection activities are only reactive – explains Krystian Paszek, SOC Manager at Mediarecovery.
Elwira Marczak points out that with the expected entry into force of regulations related to NIS2, not only banks and software houses are competing for security specialists.
— Cybersecurity is no longer the domain of only technology companies or banks. Retail chains, logistics, energy and even the private healthcare sector are also competing for experts. Employers compete with international corporations which, forced by regulations, do not take costs into account just to meet compliance requirements and avoid draconian penalties, the expert emphasizes.
Read also: How do Polish companies use AI? The PwC report reveals the greatest barriers and benefits of artificial intelligence
Who are companies looking for?
Formally, the amendment to the national regulations implementing the NIS2 directive in Poland has not yet entered into force, even though the implementation deadline for EU Member States has already passed. The government project is on the legislative path, but the specific date of entry into force of the regulations remains open.
Meanwhile, for many organizations today, the biggest challenge is not technology budgets, but finding people who will be able to actually manage these processes.
From the employers' point of view, the key question is increasingly not “how much do we have to pay?”, but “is there anyone to pay?”. The global deficit of cybersecurity specialists is estimated at approximately 4.7 million people, which translates into wage pressure in individual countries, including Poland.
The “IT competence deficit” study conducted by SW Research on behalf of Scalo shows that as many as 41 percent companies indicate cybersecurity as the area with the greatest shortage of experts. This is more than AI and Machine Learning (33%) or IT project management (30%).
More than half of technology companies in Poland declare difficulties in finding candidates with appropriate competences, and cybersecurity is one of the most scarce specializations.
Read also: You don't ask for a raise, you negotiate a raise. Don't make these mistakes if you want a higher salary
The green island of the IT industry. This is how much specific specialists earn
Salary data shows that the eldorado continues for cybersecurity specialists. Paweł Łopatka, director of Experis Polska, informs that the average salary in IT in Poland exceeded PLN 22,000. PLN per monthbut the range for security roles is clearly higher. In the case of experienced engineers and security architects, the amounts range from PLN 25,000 to PLN 35,000. PLN net on the invoice are becoming a market standard, not an exception.
Architects and security leaders earn the highest rates – their salaries can exceed PLN 30,000. PLN per month. Even younger specialists, such as Incident Responder or Detection & Response Engineer, start from 10,000. zloty.
Salary ranges for cybersecurity specialists in specific positions
|
Zuzanna Staszewska-Jedynasty / Own work/AI
— In real recruitment processes that we conduct at Experis, we see that experienced experts at the senior level in areas such as cloud security, PAM/CyberArk or security architecture negotiate rates reaching and sometimes exceeding PLN 30,000. PLN net per month on a B2B contract – says Paweł Łopatka.
The new stars of the IT industry are GRC, NIS2 and cloud security experts
The biggest winners of the coming years may be specialists combining technology with regulations.
— Technical penetration testing experts and cloud architects are worth their weight in gold, but the real star of this recruitment season are GRC (Governance, Risk and Compliance) specialists. The market is desperately looking for experts who can translate digital risk into the language of the management board, and there are few such candidates. It is this hybrid of competences that increases rates most dynamically, says Elwira Marczak.
Paweł Łopatka indicates the three strongest role groups: Cloud Security Engineers, SOC/Detection & Response/Threat Hunting specialists and GRC/NIS2/Compliance and IAM/PAM experts.
– In addition, there is the promising, although niche, OT/ICS security related to industrial and energy systems – there, with the implementation of NIS2 and national regulations, the race for people is just beginning – he adds.
Read also: Job prospects in 2026. Check who employers are looking for
Is it easy to become a cybersecurity specialist?
Despite the huge demand, cybersecurity is not an easy market today. The barriers are higher than in many other IT specializations, but – as recruiters from Randstad and Experis emphasize – it is still possible to gradually enter the industry through roles such as SOC, system administration, networks or analytics.
In turn, for people already working in cybersecurity, this is a moment for very conscious development – especially in areas such as cloud, PAM, OT/ICS or NIS2 and DORA regulations, which will drive demand in the coming years – says Paweł Łopatka from Experis.
Companies must invest in people, not just tools
New regulations and the growing number of incidents make building competences within the organization a necessity.
— Today, it is no longer enough to hire an expert. It is difficult to find ready seniors on the market, so it is worth investing in improving qualifications within the organization or acquiring talents with development potential. Building security competences among administrators and programmers is the only way to fill the staffing gap in the long run, which will certainly not disappear in the coming years, summarizes Elwira Marczak.
At the same time, companies must understand that even the best technologically equipped SOC will not work without a security culture and aware users. For cybersecurity specialists, this means that the demand for their skills should continue for years – especially in the areas of cloud, regulation and risk management.
