State of Cybersecurity 2025 report

61% of respondents indicate that adaptability is very important in determining a cybersecurity applicant's qualifications.

The top three most important soft skills needed by security professionals are critical thinking (57%), communication (56%), and problem solving (47%).

Only 41% of respondents believe their cybersecurity budgets will increase in the next 12 months, compared to 47% last year.

18% of survey respondents believe their cybersecurity budgets will decrease in the next 12 months, compared to 13% last year.

The percentage of respondent enterprises that provided training to allow nonsecurity staff to move into security roles dropped considerably, from 41% last year to just 29% this year.

The top method to address technical skill gaps is increasing usage of contract employees or outside consultants (30%), which is a decline from 36% last year.

Prior hands-on cybersecurity experience is considered very important by 60% of respondents, marking a decline from 73% last year.

Professional development training is the most common employer benefit at 60%, three percentage points higher than last year.

Employer-paid employee certification fees dropped to the second most common benefit, offered by only 54% of respondents, a decrease from 65% in 2024

High work-stress levels, limited promotion and development opportunities, and recruitment by other enterprises are the top reasons cybersecurity professionals leave their current roles.

66% of respondents indicate that their cybersecurity roles are significantly or slightly more stressful now than five years ago.

The complex cyber threat landscape is cited as the main reason for stress by 63% of respondents in 2025, down from 81% in 2024.

Soft skills are the largest reported skill gap in cybersecurity, increasing from 51% in 2024 to 59% in 2025.

Half of respondent enterprises have challenges retaining qualified cybersecurity professionals, which is the lowest percentage reported since 2020.