Cybersecurity workforce study finds budget constraints stabilising, but skills shortages worsening

AI is creating new opportunities – and challenges

ISC2 report reveals how staff and budget cuts are increasing perceived security risk, while rapid AI adoption is reshaping skills requirements and creating new career opportunities

Whilst 2024 saw a surge in redundancies, budget cuts, and hiring and promotion freezes in cybersecurity, 2025 data reveals that the economic constraints on cybersecurity teams are showing signs of levelling off, with reports of budget cuts and redundancies decreasing by one percentage point this year.

The data comes courtesy of nonprofit member organisation for cybersecurity professionals ISC2 which today releases it's 2025 Cybersecurity Workforce Study, which surveyed more than 16,000 cybersecurity professionals.

Whilst the research found that the cutting of cybersecurity budgets was slowing down, previously implemented cuts had created serious staff shortages. 33% of respondents told researchers that their organisations do not have the resources to adequately staff their teams, while 29% said they could not afford to hire staff with the skills they need to adequately secure their organisations.

Consequently, 72% of respondents agreed that reducing security personnel significantly increased the risk of a breach in their organisations – a fact to which the string of high-profile cybersecurity breaches this year bears testimony.

Skill Shortages Surpass Headcount as Top Concern

The study highlights that while staffing shortages remain, professionals are concerned about the skills shortfalls in their businesses rather than the lack of staff specifically.

Nearly nine in 10 respondents (88%) claim to have experienced at least one significant cybersecurity incident in their organisations because of a skills shortage, and 69% have experienced more than one.

95% reported that they have at least one skill need which represents an increase of 5% from 2024, and 59% cited critical or significant skill needs – a 15% increase.

“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 Acting CEO and CFO Debra Taylor, CC. “Skills deficits raise cybersecurity risk levels and challenge business resilience.”

AI Adoption Accelerates and Creates New Career Opportunities

The research found that AI adoption is progressing among cybersecurity professionals, with 28% of respondents having already integrated AI tools into their operations. In total, 69% are engaged in adoption activities such as integration, active testing, or early evaluation.

Data also suggests that cybersecurity professionals believe AI will create a need for new skills and perspectives within the cybersecurity workplace.

• 73% believe AI will create more specialized cybersecurity skills
• 72% say AI will create the need for more strategic cybersecurity mindsets
• 66% say AI will require broader skillsets across the workforce

41% of respondents cited AI as a top skill needed followed by cloud security (36%). Nearly half (48%) of respondents are already working to gain more generalised AI knowledge and skills, while others are educating themselves on AI solutions at risk to better understand vulnerabilities and exploits (35%).

“Emerging technologies like AI are perceived as less of a threat to the workforce than anticipated,” continued Debra Taylor.

“Instead, many cybersecurity professionals view AI as an opportunity for career advancement. They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”

Despite the challenges that AI may pose in the future, and the constraints within which they operate, cybersecurity professionals are generally optimistic about their future. 87% believe there will always be a need for cybersecurity professionals, 81% are confident the profession will remain strong and 80% say they are passionate about their work.

However, there is also a warning for employers because passion for cybersecurity can also create a great deal of stress. Almost half (48%) of respondents said they feel exhausted from trying to stay current on the latest cybersecurity threats and emerging technologies, and 47% feel overwhelmed by the workload.

Computing explored this subject in a recent episode of our Ctrl Alt Lead podcast, which you can find here.

You can find the full ISC2 research here.