ISACA

14% of professionals ranked modernizing legacy systems as a top digital trust priority in 2026.

30% of professionals indicated that workforce upskilling in data security is very important in 2026.

59% of professionals identified AI-driven social engineering as a significant cyber threat for 2026.

64% of professionals ranked regulatory compliance as a very important priority in 2026.

63% of professionals expect to hire for digital trust roles in 2026.

41% of professionals support statutory cybersecurity guidance for high-risk sectors in 2026.

18% of professionals believe increased government funding for cyber skills and workforce development is the most important factor for enhancing cybersecurity resilience in their country.

51% of professionals anticipate difficulty filling digital trust roles with qualified candidates in 2026.

43% of professionals in digital trust fields identified cloud migration and security as very important focus areas in 2026.

61% of professionals identified AI and machine learning as top technology priorities for 2026.

Only 12% of professionals reported having a strong talent pipeline for digital trust roles.

45% of professionals indicated they will be hiring for more digital trust roles in 2026 than in 2025.

32% of professionals expect regulatory complexity and global compliance risks to be major concerns in 2026.

Only 18% of professionals feel fully ready for new regulations like NIS2 and DORA in 2026.

Only 14% of professionals reported that their organization is very prepared to manage generative AI risks in 2026.

61% of respondents indicate that adaptability is very important in determining a cybersecurity applicant's qualifications.

The top three most important soft skills needed by security professionals are critical thinking (57%), communication (56%), and problem solving (47%).

Only 41% of respondents believe their cybersecurity budgets will increase in the next 12 months, compared to 47% last year.

18% of survey respondents believe their cybersecurity budgets will decrease in the next 12 months, compared to 13% last year.

The percentage of respondent enterprises that provided training to allow nonsecurity staff to move into security roles dropped considerably, from 41% last year to just 29% this year.

The top method to address technical skill gaps is increasing usage of contract employees or outside consultants (30%), which is a decline from 36% last year.

Prior hands-on cybersecurity experience is considered very important by 60% of respondents, marking a decline from 73% last year.

Professional development training is the most common employer benefit at 60%, three percentage points higher than last year.

Employer-paid employee certification fees dropped to the second most common benefit, offered by only 54% of respondents, a decrease from 65% in 2024

High work-stress levels, limited promotion and development opportunities, and recruitment by other enterprises are the top reasons cybersecurity professionals leave their current roles.

66% of respondents indicate that their cybersecurity roles are significantly or slightly more stressful now than five years ago.

The complex cyber threat landscape is cited as the main reason for stress by 63% of respondents in 2025, down from 81% in 2024.

Soft skills are the largest reported skill gap in cybersecurity, increasing from 51% in 2024 to 59% in 2025.

Half of respondent enterprises have challenges retaining qualified cybersecurity professionals, which is the lowest percentage reported since 2020.

5 percent consider quantum computing a high priority for near-term planning.

19 percent say they have discussed quantum computing but not made any formal plans.

62% of technology and cybersecurity professionals are worried that quantum computing will break today’s internet encryption.

37 percent have not discussed quantum computing at all.

46 percent say quantum computing will create revolutionary innovations.

A third of global cyber and IT professionals (30 percent) do not have a good understanding of the capabilities of quantum computing.

41 percent say they do not plan to address quantum computing at this time.

Nearly half (48 percent) are very or somewhat optimistic about quantum computing’s impact in their sector/industry.

57 percent say quantum computing will create new business risks.

Forty percent are not aware of their company’s plans regarding quantum computing.

95% of organizations lack a quantum computing roadmap.

15 percent say qunatum computing is on their long-term roadmap but not a near-term priority.

Just 5% say quantum computing is a high priority for the near future.

24 percent don’t know how their organization views quantum computing within its current technology or innovation strategy

Only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards.

Only 5% say their organizations have a defined quantum computing strategy.

63 percent believe quantum computing will speed up computational tasks or data analysis significantly.

Forty-four percent admit they have never heard of the new NIST standards

Sixty-three percent say quantum will increase or shift cybersecurity risks.

56 percent cite "harvest now, decrypt later" as a concern for quantum computing.

More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing.