Cybersecurity's New Focus: Skills Over Staffing in AI Era

Cybersecurity teams globally are navigating a significant transformation, with a new study indicating that critical skill shortages have become a more pressing concern than traditional headcount deficits. This insight comes from the 2025 Cybersecurity Workforce Study by ISC2, a nonprofit organization for cybersecurity professionals. The comprehensive research, drawing on responses from approximately 16,029 cybersecurity experts worldwide, underscores a landscape where economic pressures are stabilizing, yet the demands on security personnel are intensifying due to evolving technological challenges.

While budget reductions and layoffs, prominent issues in the previous year, have largely leveled off, underlying workforce challenges persist and are taking new forms. The study reveals that a substantial portion of organizations, 33%, lack sufficient resources to adequately staff their cybersecurity teams. Furthermore, 29% of respondents indicated an inability to afford hiring individuals with the necessary specialized skills to protect their organizations effectively. This financial constraint directly impacts security efficacy, with nearly three-fourths, 72%, of professionals believing that reducing security personnel significantly escalates the risk of a data breach within their organizations.

Despite these ongoing challenges, there are signs of economic stabilization influencing cybersecurity budgets. Reports of budget cuts slightly decreased to 36% in 2025, a one percentage point drop from 2024, and layoffs also saw a marginal decline to 24%. Casey Marks, Chief Operating Officer at ISC2, noted that current data and professional sentiment suggest no significant acceleration in budget cuts or layoffs for 2026. While economic conditions will always play a role in workforce development, the overall outlook does not point to a worsening trend in the near future.

Escalating Skill Deficiencies and Their Repercussions

A critical finding from the study is the direct correlation between skill shortages and increased security vulnerabilities. An alarming 88% of respondents reported that their organizations experienced at least one significant cybersecurity incident due to insufficient skills. More concerning, 69% of these professionals cited multiple such events, highlighting a pervasive and growing problem. The severity of skill requirements has also escalated dramatically, with 95% of respondents identifying at least one skill need, a 5% increase from the previous year. A substantial 59% reported critical or significant skill gaps, marking a 15% jump from 2024.

Debra Taylor, ISC2 Acting CEO and CFO, emphasized this shifting dynamic, stating that the most urgent concern for cybersecurity teams is no longer just the number of staff, but the specific skills they possess. These skill deficits not only elevate cybersecurity risks but also pose considerable challenges to overall business resilience. The consequences of these gaps are diverse and impactful.

Organizations are grappling with oversights in cybersecurity processes and procedures, reported by 26% of respondents. Another 25% are forced to assign underqualified or inexperienced individuals to critical roles, exacerbating potential vulnerabilities. The lack of time or resources for training cybersecurity staff affects 25% of organizations, while 24% are dealing with misconfigured systems, all stemming from skill shortages. Furthermore, the report indicates that 24% of organizations find parts of their operations under-secured, and an equal percentage are unable to leverage emerging cybersecurity technologies due to these gaps.

While the study does not pinpoint specific technical domains for these consequences, the sheer volume of incidents underscores that developing capabilities has become paramount, surpassing the simple addition of staff. Marks highlighted AI and cloud security as the most pressing skill requirements for both hiring managers and cybersecurity professionals. The widespread reporting of skill needs, many of them significant, reinforces the idea that capability development is now more crucial than simply increasing headcount.

The Accelerating Integration of Artificial Intelligence

The study reveals a rapid acceleration in the adoption of artificial intelligence within cybersecurity operations. A significant 28% of respondents have already integrated AI tools into their day-to-day operations. When considering broader engagement, 69% of professionals are involved in some level of AI adoption, whether through active integration, rigorous testing, or early-stage evaluation. This swift transition from experimental phases to practical application marks a pivotal moment for the industry.

Marks noted how quickly AI has moved beyond experimentation into daily use. The fact that more than two-thirds of respondents are already leveraging, testing, or actively evaluating AI tools in their security programs is a strong indicator of its rapid assimilation. For those currently using AI, the majority are already experiencing measurable productivity gains, suggesting that AI is swiftly becoming an integral component of how security work is performed, rather than a futuristic concept.

Cybersecurity professionals largely view AI technology as a powerful career accelerator. The study found that 73% believe AI will lead to the creation of more specialized cybersecurity skills. Additionally, 72% anticipate that AI will necessitate more strategic cybersecurity mindsets, prompting a shift towards higher-level thinking. A substantial 66% of professionals also believe that AI will demand broader skillsets across the workforce, pushing individuals to expand their expertise.

For the second consecutive year, AI stands out as one of the top critical skills needed, cited by 41% of respondents in the 2025 study, closely followed by cloud security at 36%. The proactive response to this trend is evident, with 48% of respondents actively working to acquire generalized AI knowledge and skills. Furthermore, 35% are educating themselves on AI solutions and their associated risks to better understand potential vulnerabilities and exploits. Marks explained that this proactive approach is driven by the perception that AI will boost careers, prompting professionals to develop and expand their knowledge base to future-proof their careers. They view AI as a catalyst for new, more specialized skills, increased strategic responsibilities, and wider career pathways.

Enduring Job Satisfaction Amidst Challenges

Despite the increasing pressures and evolving skill demands, the cybersecurity profession maintains high levels of job satisfaction and confidence. The research indicates that 87% of professionals believe there will always be a need for cybersecurity experts, reflecting a strong sense of job security. An impressive 81% are confident in the enduring strength of the profession, and 68% report satisfaction with their current job, a two percentage point increase from 2024. A robust 80% also express feeling passionate about their work, highlighting a deeply rooted commitment to the field.

Marks elaborated that while satisfaction with individual organizations and leadership may vary, the high confidence in the profession itself acts as a powerful stabilizing force. Cybersecurity is inherently a mission-driven field, and the pervasive sense of purpose contributes significantly to job fulfillment. The study’s findings also show that 71% are satisfied with their day-to-day experience, reinforcing the idea that a large majority of professionals believe their role will remain essential long-term and that their passion for the work will continue.

However, the profession is not without its strains. Almost half, 48%, of respondents feel exhausted from the constant effort to stay updated on the latest cybersecurity threats and emerging technologies. Additionally, 47% feel overwhelmed by their workload, pointing to challenges that require organizational attention. The ISC2 findings suggest that sustained investment in skills development, particularly related to AI, combined with realistic workload expectations and support for continuous learning during working hours, are crucial for mitigating burnout and sustaining professional well-being.

Career development also remains a significant factor for cybersecurity professionals. Nearly one-third, 31%, consider advancement opportunities critical, and 23% cited unplanned financial or benefit rewards as key motivators. While 75% are likely to remain at their current organization for the next year, this number drops to 66% when considering a two-year horizon. This trend underscores the importance for organizations to rethink their strategies for cybersecurity workforce development. Marks concluded that the data reveals tremendous individual initiative in AI upskilling, with nearly half of respondents independently building AI skills and many planning to pursue AI-focused qualifications. While organizations are investing in development through training budgets, internal education, and cross-training, the sheer scale of demand for AI skills is significant. The research clearly shows widespread individual and organizational investment in AI upskilling, a trend expected to continue growing.