ISC2 has released its 2025 Cybersecurity Workforce Study, and while the economic headwinds that battered security teams last year appear to be stabilizing, the industry’s skills gap is getting worse.
The report, based on responses from more than 16,000 cybersecurity professionals, indicates that layoffs and budget cuts have ceased to accelerate.
Reports of budget cuts (36%) and layoffs (24%) dipped slightly year over year. However, that modicum of relief isn’t translating into stronger teams. A third of respondents claimed their firms still can’t afford to staff security properly, and nearly as many reported they can’t hire the expertise they need.
Unsurprisingly, 72% agreed that shrinking headcount directly increases the risk of breach.
Skills Now Outrank Staffing as the Top Risk
The most remarkable shift is that skills, not headcount, are now the primary concern.
Almost nine in 10 professionals said their business suffered a significant cybersecurity incident due to a skills gap, many of them more than once. Ninety-five percent reported at least one skill is needed (up five points from 2024), and critical skill shortages have jumped 15% year over year.
“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 Acting CEO and CFO Debra Taylor, CC.
“Skills deficits raise cybersecurity risk levels and challenge business resilience. At the same time, we are seeing emerging technologies like AI are perceived as less of a threat to the workforce than anticipated,” she added.
Instead, Taylor said many cybersecurity professionals see AI as an opportunity for career advancement. “They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”
AI Uptake Surges and Expands the Skills Mandate
According to the study, AI is quickly embedding itself into daily security operations.
Twenty-eight percent of those surveyed said they have already integrated AI tools, and nearly three-quarters (70%) are at least somewhere along the adoption curve, from evaluation to full deployment.
Professionals overwhelmingly believe AI will reshape the skills landscape:
- 73% expect more specialized AI-related cybersecurity skills
- 72% said AI will demand more strategic, big-picture thinking
- 66% claimed it will broaden the mix of skills required across teams
AI is also the top rising skill demand for the second year running (41%), ahead of cloud security (36%). Nearly half of the respondents are actively building their foundational AI knowledge, while others are focusing on understanding AI-driven attack vectors and vulnerabilities.
Passion Remains High, Even as Burnout Looms
Despite constant pressure and fast-moving threats, cybersecurity professionals are deeply committed to their work.
- 87% believe cybersecurity roles will always be needed
- 81% are confident in the long-term strength of the profession
- 80% said they’re passionate about the work they do
Job satisfaction also improved slightly, though stress indicators are still high. Forty-eight percent said staying current with threats is exhausting, and 47% are overwhelmed by workload.
Retention outlooks are steady in the near term (75% said they expect to stay with their current employer for the next year), but their confidence falls to 66% over a two-year window.
Career advancement and recognition are always key drivers: nearly a third pointed to growth opportunities as key to engagement, while others cited rewards such as bonuses or extra time off.
The full 2025 ISC2 Cybersecurity Workforce Study, including recommended actions for leaders looking to build resilient teams, is available here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


