AI skills gap ‘at least 10 times larger than cyber skills gap’

Jay Bavisi, head of the EC Council, on the AI hurdles facing SMEs

The AI skills gap hits harder for SMEs, explains Jay Bavisi, president of the International Council of E-Commerce Consultants, who weighs in on the critical AI skills IT professionals need now.

According to a 2025 report from Bain & Company, a global management consulting firm, 44% of executives say a lack of in-house expertise is slowing AI adoption.

Jay Bavisi, founder and president of the EC Council (International Council of E-Commerce Consultants) - a cybersecurity technical certification body - spoke with MES Computing about the biggest hurdles IT leaders face when there is a lack of in-house AI knowledge.

One of those hurdles is an aggressive push for AI by executive leadership.

“Executives are rushing to put the cart before the horse. Everyone wants to say they’re using AI, but very few are thinking about how to deploy it responsibly, securely and with governance in place,” Bavisi said.

A 2024 report from Asana found that 72% of IT leaders “experienced stress at least once a month over the past six months due to the pressure to implement AI-driven automation.”

Yet another burden for IT leaders is the stress AI places on the existing security infrastructure.

“We know how to defend networks and applications. But how do you defend an AI system when the model belongs to someone else, the data is yours, and the responsibility is still yours?” Bavisi said, describing the AI security conundrum.

AI governance is another beast tech leaders are trying to manage. Bavisi said that governance demands human oversight.

To address some of these issues, the EC Council, known for creating the Certified Ethical Hacker (CEH) credential, has launched its Enterprise AI Credential Suite. The programme offers four role-based AI certifications, according to the company’s news release:

AIE (AI Essentials): “A basic-level programme and certification to get everybody up to speed,” according to Bavisi.

Certified AI Programme Manager (C|AIPM): Prepares professionals to manage structured AI delivery and accountability.

Certified Responsible AI Governance & Ethics Professional (C|RAGE): Equips practitioners to operationalise governance expectations aligned with frameworks such as NIST AI RMF and ISO/IEC 42001.

Certified Offensive AI Security Professional (COASP): Trains security teams to test and defend AI systems against real-world attacks.

“The AI skills gap is at least 10 times larger than the cybersecurity skills gap because AI affects everyone,” Bavisi said. “This problem is even more acute for midmarket leaders - they don’t have the budgets, the deep pockets, or an AI head to think this through.”

AI “is more than ChatGPT,” he said. What he hopes IT leaders take away from the new programme is greater insight for their organisation on:

• How can we apply AI?
• What are the different LLMs out there?
• What should an AI programme life cycle look like?
• How do you think about security?
• What kind of governance controls should you have as you deliver AI?
• Have you thought about legal considerations?
• How do you think about the risks that are being surfaced as soon as deployment comes in?

“Humans will have to upskill themselves,” Bavisi said. “The one thing that we will not trust AI to do is have AI be the guardrails for AI.”

This article was first published on MES Computing