The most creative parts of computer security are undecidable or NP-hard problems, a fact that creates a big divide in the computer security field: on the one hand, bug finding, exploit writing, secure code auditing and cryptographic protocol design are the most difficult tasks in the field to apprehend and resolve; but on the other hand, the pentesting process is largely better left to be done by software than by humans. The key insight is that no capital-labor substitution will ever take place in the first kind of activities, therefore productivity gains will never be achieved on them no matter what amount of innovation will ever be carried out in the next decades: that is, the same man-hours will be needed to produce the same amount of work in the future, if not more so, taking into account the exponentially rising number of computer systems and software components and their interactions.

And that is the depiction of the archetypal setting in which Baumol’s Cost Disease arises: tasks with no labor productivity improvements for decades, but with raising labor costs nonetheless, to keep up with the rising salaries in other jobs which did experience such labor productivity growth. The side effect of the disease, which makes it so nefarious to the computer security field, is that the best talent is lost to other tasks in this  process of constant readjustment.