Security Teams Struggle to Find Training Time for New Threats

▼ Summary
– 73% of organizations increased their security training budget over the past year, with 47% identifying AI as the most pressing skill gap to address.
– Despite budget increases, 98% of organizations allow training during work hours, but 53% of respondents still face challenges finding time for it during the workday.
– Training barriers include keeping content current (45%), finding qualified trainers (39%), lack of employee willingness (37%), and lack of leadership support (32%).
– 29% of cybersecurity leaders report lacking sufficient budget to provide up-to-date training for their teams.
– The report recommends making training effective by protecting dedicated time for it, adjusting workloads, and equipping managers to prioritize learning.
A new study from ISC2 reveals a critical disconnect in enterprise cybersecurity: while security training budgets are rising, many teams simply cannot find the time to actually learn. The survey, which gathered responses from nearly 1,000 cybersecurity leaders at large organizations worldwide, underscores that emerging technology threats,especially AI,are outpacing the workforce’s capacity to prepare.
The report, titled How Enterprises are Strengthening Their Cybersecurity Teams Through Training, indicates that 73% of organizations have increased their security training budgets over the past year. This surge in funding is a direct response to new technological risks, with nearly half of respondents (47%) identifying AI as the most pressing skill gap their training programs aim to address.
However, increased financial resources do not automatically translate into effective upskilling. The primary obstacle is time availability. While 98% of security leaders say their organizations permit employees to pursue training during work hours, only 53% report that their teams can actually engage with it. The daily demands of incident response, system monitoring, and vulnerability management often push learning aside.
Beyond time constraints, other significant barriers to effective cybersecurity training include keeping content current and relevant (45%), finding qualified trainers (39%), a lack of employee willingness (37%), and insufficient support from leadership (32%). Furthermore, despite overall budget increases, 29% of leaders still say they lack the funds needed to deliver up-to-date training.
Despite these hurdles, most security leaders rated their existing programs as very or extremely effective in improving key processes over the past year. This suggests that even imperfect training yields value, but it also highlights a missed opportunity for greater impact.
ISC2 stresses that continuous training is essential for staying ahead of evolving cyber threats. The key, according to the report, is to protect dedicated time for learning by adjusting workloads and equipping managers with the resources to prioritize development. “Make that commitment real by protecting dedicated time for training, meaningfully adjusting workloads and equipping managers with the guidance and resources they need to help their teams prioritize learning,” the report advises. “When time is built into the workday and supported by management, security teams may be more likely to take full advantage of training opportunities.”
The findings are based on 995 responses from cybersecurity leaders in enterprises with over 5,000 employees across Canada, Germany, India, Japan, the UK, and the USA.
(Source: Infosecurity Magazine)




