ISC2

In 2025, 28% of cybersecurity professionals reported having already integrated AI tools into their operations.

In 2025, 33% of cybersecurity professionals stated their organizations do not have the resources to adequately staff their teams.

95% of cybersecurity professionals reported that they have at least one skill need in 2025, marking a 5% increase from 2024.

88% of cybersecurity professionals have experienced at least one significant cybersecurity consequence in their organizations due to a skills shortage.

In 2025, 36% of cybersecurity professionals reported budget cuts in their organizations, a decrease of one percentage point from the previous year.

72% of cybersecurity professionals agree that reducing security personnel significantly increases the risk of a breach in their organizations.

68% of cybersecurity professionals reported being satisfied in their current job in 2025, an increase of two percentage points from 2024.

87% of cybersecurity professionals believe there will always be a need for cybersecurity professionals.

48% of cybersecurity professionals feel exhausted from trying to stay current on the latest cybersecurity threats and emerging technologies.

73% of cybersecurity professionals believe AI will create more specialized cybersecurity skills.

31% of cybersecurity professionals view advancement opportunities as a key factor for their workforce engagement.

The smallest organizations are among the most conservative when it comes to adopting AI tools, with 23% reporting no plans to evaluate AI security tools.

31% of cybersecurity professionals believe that AI will create new types of entry- and junior-level roles or increase demand.

Mid-to-large (2,500–9,999 employees) and smaller (100–499 employees) organizations each have 33% adoption rates of AI tools.

Within both financial services and commercial/consumer sectors, 41% of professionals reported actively evaluating AI tools.

36% of those in the public sector indicated they are actively evaluating AI tools.

The top five areas where AI security tools are expected to have the most positive impact on operations in the shortest amount of time, by improving efficiencies and automating time-consuming tasks, are network monitoring and intrusion detection (60%), endpoint protection and response (56%), vulnerability management (50%), threat modeling (45%), and security testing (43%).

44% of cybersecurity professionals said that their organizations are actively reconsidering the roles and skills needed to support the adoption and use of AI security tools

Mid-sized (500–2,499 employees) and the smallest (1–99 employees) organizations show the lowest adoption rates of AI tools, with 20% in each group.

Among cybersecurity professionals who have already adopted AI security tools, 70% report positive impacts on their team's overall effectiveness.

Nearly half (44%) of cybersecurity professionals agreed that their organization's cybersecurity hiring has not yet been affected by the introduction of AI security tools.

21% of cybersecurity professionals say AI has changed their hiring plans and priorities in their organizations.

44% of cybersecurity professionals report no impact on hiring from current or expected adoption of AI security tools.

Leading industries in adoption, evaluation, or testing ot AI are industrial enterprises (38%), IT services (36%), commercial/consumer sectors (36%), and professional services organizations (34%).

More than half (52%) of cybersecurity professionals say AI will significantly or somewhat reduce the need for entry-level staff.

28% of cybersecurity professionals see AI creating new opportunities for entry-level talent.

The majority (42%) of cybersecurity professionals are currently exploring or testing the adoption of AI security tools.

Largest organizations (over 10,000 employees) lead in AI tool adoption, with 37% actively using them.

Financial services and the public sector currently report the lowest adoption rates of AI tools, at 21% and 16%, respectively.

30% of cybersecurity professionals are already using AI tools.

30% of cybersecurity professionals have already integrated AI security tools into their operations.

Three of the top five skills prioritised by cybersecurity hiring managers are non-technical abilities.

53% of cybersecurity hiring managers expect junior-level cybersecurity professionals to handle Backup, Recovery and Business Continuity.

30% of cybersecurity hiring managers expect entry-level cybersecurity professionals to handle Physical Access Controls.

84% of cybersecurity hiring managers use skills-based assessments and/or tests for entry- and junior-level cybersecurity applicants.

46% of cybersecurity hiring managers believe apprenticeships are effective methods for identifying early-career talent.

50% of cybersecurity hiring managers expect junior-level cybersecurity professionals to handle Penetration Testing.

54% of cybersecurity hiring managers have passed on candidates due to their social media activity

Cybersecurity hiring managers reported spending between U.S. $1,000 and $4,999 to train entry-level (45%) and junior-level (38%) team members to handle tasks independently.

Most cybersecurity hiring managers surveyed (91%) reported providing professional development opportunities for entry- and junior-level team members during work hours.

43% of cybersecurity hiring managers expect entry-level cybersecurity professionals to handle documentation of processes and procedures.

55% of cybersecurity hiring managers believe internships are effective methods for identifying early-career talent.

35% of cybersecurity hiring managers expect entry-level cybersecurity professionals to handle Alert and Event Management.

When evaluating candidates, 89% of cybersecurity hiring managers would consider candidates with only entry-level cybersecurity certifications.

81% of cybersecurity hiring managers would consider candidates who only have an education in IT, cybersecurity or computer science.

45% of cybersecurity hiring managers stated that training junior-level cybersecurity team members to handle tasks independently typically takes 4–9 months.

A majority of cybersecurity hiring managers surveyed (56%) stated that training entry-level cybersecurity team members to handle tasks independently typically takes 4–9 months.

32% of cybersecurity hiring managers expect entry-level cybersecurity professionals to handle Reporting (Developing, Producing).

29% of cybersecurity hiring managers expect entry-level cybersecurity professionals to handle User Awareness Training.

53% of cybersecurity hiring managers expect junior-level cybersecurity professionals to handle Intrusion Detection.