Skills Shortages: The Top Cyber Threat Over Hiring
▼ Summary
– A new ISC2 report reveals that 59% of global organizations face critical or significant cybersecurity skills shortages, a sharp increase from 44% the previous year.
– The most pressing technical skill shortages are in AI (41%), cloud security (36%), and risk assessment (29%), with talent scarcity and budget constraints being the primary drivers.
– These workforce shortages have severe consequences, with 88% of respondents linking them to at least one significant cybersecurity incident and many citing process oversights and system misconfigurations.
– The focus is shifting from simply increasing headcount to acquiring critical skills, as staff shortages slightly decreased and more organizations report having the right number of professionals.
– Cybersecurity professionals increasingly view AI as a career-enhancing tool, with most integrating it and gaining related skills, while remaining confident in the long-term strength of their profession.
A new global study reveals that a severe shortage of critical cybersecurity skills is now a more dangerous threat to organizations than simply not having enough staff. The research indicates that while overall headcount is stabilizing, the lack of specific expertise is directly leading to security incidents and weakened defenses. This skills gap is creating tangible risks, with a staggering 88% of professionals reporting it has caused at least one significant cybersecurity incident.
The comprehensive survey, which gathered insights from over 16,000 industry practitioners, found that 59% of organizations are grappling with critical or significant skills shortages, a sharp increase from 44% the previous year. While both technical and non-technical skills are needed, the demand for technical proficiency is more urgent. Artificial intelligence expertise is the most glaring need, cited by 41% of respondents. This is followed by cloud security (36%), risk assessment (29%), and application security (28%). The primary obstacles to filling these gaps are a straightforward lack of available talent (30%) and insufficient budget (29%).
The consequences extend far beyond unfilled job requisitions. The data shows these shortages have real-world impacts on security posture. Beyond the high rate of incidents, 26% of professionals noted oversights in vital processes and procedures. Similar numbers reported problems like system misconfigurations, leaving systems unsecured, and an inability to adopt new security technologies, all at 24%.
Interestingly, this year’s research marks a shift in perspective. For the first time, the study did not calculate a global workforce gap number, reflecting feedback from the field. Professionals are signaling that the pressing issue is no longer just hiring more people, but ensuring the existing workforce possesses the right, highly specialized skills. This is supported by data showing a slight stabilization in headcount; reports of significant staff shortages dipped to 19%, while more organizations feel they have the appropriate number of professionals.
Amid these challenges, the relationship between cybersecurity professionals and artificial intelligence is becoming notably positive. As adoption grows, most now see AI as a career enhancer rather than a job threat. Approximately 69% are actively integrating, testing, or evaluating AI tools, and 73% believe AI will create demand for more specialized skills. Nearly half are working to build general AI knowledge, and over a third are focusing on understanding AI-related vulnerabilities. Industry leaders observe that professionals are leveraging AI to automate tasks and are proactively building expertise, viewing it as a clear opportunity for advancement.
Despite widespread reports of exhaustion and heavy workloads, the profession’s outlook remains fundamentally strong. An overwhelming 87% of respondents believe there will always be a need for human cybersecurity experts, and 81% are confident in the field’s enduring strength. The focus is now squarely on bridging the critical skills divide to empower teams and build more resilient defenses.
(Source: InfoSecurity Magazine)
