After a hot 2024, broader macroeconomic conditions affecting cybersecurity specialists There are signs of stabilization in 2025, with reports of budget cuts and layoffs of cyber teams easing slightly this year after a sharp rise in the previous period. However, limited budgets remain a key factor in the ongoing cyber skills shortage.
This is according to the annual Cybersecurity Workforce Study produced by the cyber professionals association ISC2, which surveyed more than 16,000 security professionals for this year's report.
The non-profit organization, based in Virginia, US, reported that 33% of respondents said their organizations were not sufficiently resourced to adequately staff their teams, and 29% said they could not afford to hire the right people with the right skills to adequately protect their organizations.
As a result, ISC2 reports that 72% of security professionals now agree that workforce reductions significantly increase the risk of breaches for organizations; nearly nine in 10 said they had experienced “at least one” serious security incident due to skills shortages, and 69% had experienced more than one.
Roughly 95% said they have at least one skill needed on their teams, up 5% from 2024, and 59% cited “critical or significant” skill needs, up 15%.
“There’s a shift happening,” said ISC2 interim CEO and CFO Debra Taylor. “This year’s data clearly shows that the most pressing challenge for cybersecurity teams is not headcount, but skills. Skills shortages are increasing cybersecurity risks and threatening business resilience. At the same time, we are seeing the emergence of new technologies such as artificial intelligence. [artificial intelligence] are perceived as less of a threat to the workforce than expected.
“Instead, many cybersecurity professionals are looking at AI as a career opportunity,” she said. “They use AI tools to automate tasks and spend their time learning more and demonstrating their expertise in using and securing AI systems.”
As the potential of artificial intelligence has been positively received in the cybersecurity world, ISC2 has found that its members are constantly increased use of artificial intelligence toolshowever, 28% have already integrated them into their daily work, and 69% have either evaluated, tested or implemented them at some stage in the implementation process.
The data also shows that security professionals believe AI will have an impact on both the skills and perspectives needed to do the job. Nearly three-quarters said cybersecurity skills will become more specialized as a result of AI adoption; the same number said AI will create the need for more strategic security thinking, and a slightly smaller number said broader skills will actually be required.
Perhaps unsurprisingly AI skills have become the most in-demand skill set in the security industry For the second year in a row, 41% cited this figure, with cloud security trailing behind at 36%. About half of respondents said they are already working on their own general AI knowledge and skills, and about 35% are delving into areas such as using AI to better understand vulnerabilities and exploits.
I love what you do
Despite the obstacles, ISC2 found that security professionals generally have positive views of their work and the role they play in the industry as a whole, with 80% saying they are enthusiastic about their work.
An overwhelming majority, 87%, said they believe there will “always” be a need for security professionals; 81% expressed confidence that the profession will remain strong; 68% said they were satisfied with their current job, up 2% from 2024, with 75% planning to stay in their current job for at least another year.
But the passion and dedication of cyber professionals still comes at a cost: stress and burnout still haunt many people. Nearly half said they find it exhausting trying to keep up, and 47% say the workload is overwhelming at times.
