Summary Bullets:
- While the escalation in cybersecurity cuts leveled off in 2025, the ISC2 survey showed economic instability is keeping IT budget expansion in check, which is a cause for concern that organizations will hold off on making needed investments in cybersecurity.
- AI is changing the IT industry as a whole, and cybersecurity specifically. Seen as both an offensive weapon and a potential defensive shield, security professionals see the technology as opportunistic for their careers rather than a threat to job security, offering them a chance to hone their skills and improve their professional trajectory.
One of the most significant challenges in cybersecurity is the resource constraints and skills gaps that plague so many organizations. Add to the mix technologies like AI that enterprising threat actors are all too eager to insert into their arsenals, and the issue of staff limitations is magnified. In its 2025 ISC2 Cybersecurity Workforce Study, the non-profit association uncovered a profession balancing the struggle to keep ahead of increasingly sophisticated adversaries while also savoring the chance to leverage AI and other technologies to elevate their defenses. The annual study of industry workplace trends, which surveyed 16,020 security professionals globally, found resource constraints are front and center in impacting the cybersecurity workplace.
Budget cuts are having a material impact on staffing levels, with 33% acknowledging they don’t have adequate security personnel. Twenty-nine percent don’t have the budget to employ staff with the required skills. That said, 55% said they currently have the appropriate security staff in place to protect their enterprise assets from incidents in the next two to three years.
The research participants see a direct correlation between having sufficient security staff in place to mounting an effective defense. Seventy-two percent said cutting staff pointedly creates an environment vulnerable to attack, with 76% calling for organizations to face consequences if they suffer a security incident after laying off cybersecurity professionals.
Having staff skills match organizational priorities is essential, with AI topping the list and 41% saying knowledge of the technology is critical. Experience in cloud security is crucial to 36% of organizations, followed by risk assessment expertise (26%) and a strong knowledge of application security (28%). Having security engineering experience and a working history navigating governance, risk, and compliance (GRC) are also important, with 27% citing both.
As defensive tools, AI-powered solutions promise to lessen repetitive manual interventions, freeing up time for security practitioners to focus on more strategic tasks. Twenty-eight percent have integrated AI security tools into their ordinances, with another 41% either actively testing them or in an early evaluation phase of AI-driven security tools.
Experiences with security solutions built on AI has been positive, as 63% said they have substantially increased their productivity.
Security professionals expect AI to have the most immediate positive security impact on network monitoring (40%), followed suit by security operations and testing – 30% for both. Other areas the respondents cited as presuming to benefit from AI include vulnerability management (29%), threat modeling (28%), and endpoint protection (also 28%). ISC2 researchers pointed out that these are all time-consuming activities that are also ripe for automation.
While AI is widely perceived in many sectors as a threat to job security, that isn’t the case with cybersecurity professionals. Seventy-three percent expect AI to open the door for more specific cybersecurity pathways, and 72% believe the technology will require more strategic approaches. Sixty-six percent also see AI adoption as driving the need for more communication skills.
You must be logged in to post a comment.