Flyalone - Adobe
Growing demand for AI-skilled cyber specialists
AI is increasingly at the heart of organisations’ digital transformation journeys – whether that’s to drive up efficiencies, generate powerful insights from data, delight customers, or supercharge internal productivity.
Some 90% of businesses are either piloting AI or carrying out small- or large-scale implementations – a dramatic jump from 59% in 2023, according to the 2025 Nash Squared/Harvey Nash Digital Leadership Report.
At the same time, the research reveals that cybersecurity is an area of growing concern. Having gone on a downward trend over the last few years, major attacks are reported to be on the rise again, with 29% of technology leaders saying their organisation has been subjected to a major attack in the past two years, the highest level since 2019. High profile cyber incidents here in the UK have also very much focused executive minds.
Given these two factors, it should be no surprise that AI is being increasingly deployed by cybersecurity teams – and that AI skills and capabilities are therefore in demand in the cyber domain.
AI embedded into the toolkit
At a leadership level, Chief Information Security Officers (CISOs) and/or the technology leader with responsibility for cybersecurity (such as the CIO) are expected by their boards to be fully in tune with the latest concepts and trends in security and protection, including the use of AI. The next generation of firewalls, for example, are becoming AI-enabled, as are the latest Network Detection & Response systems (NDRs).
At a team level, AI is better enabling early threat detection, threat triage and summarisation. Many different roles are becoming more reliant on intelligent technology. Security Operations Centre (SOC) analysts are using AI to identify the truly credible threats, reducing alert fatigue. AI is helping them to improve the visibility of risks, prioritise them and make decisions on next steps. Threat hunters are leveraging AI to identify stealth threats and dangers. Penetration testing teams (red teams/blue teams) are using AI both for deep testing of certain areas and to help summarise results in their reports.
It is not only internal teams that are leveraging the power of AI – it is an area of high focus for the specialist cybersecurity solution vendors. AI functions are being integrated into their toolsets across areas including automated testing and vulnerability detection. While a manual penetration test may take several days and only cover a small portion of the technology estate, a vendor using AI-enabled automated testing will likely be able to cover the entire estate in the same length of time.
AI skills moving up the cyber recruitment criteria
The result is a significant war for cyber talent as companies, vendors and big tech compete for the best cyber leaders and professionals. Cyber skills are the third highest area of demand behind only AI itself and Big Data/analytics. In their search, AI capabilities are fast becoming one of the criteria employers are taking into account. While we are not yet at the stage where experience of AI is a mandatory requirement, nevertheless those who can demonstrate real-life experience of using the technologies are likely to be at a significant advantage. They may also be able to command a premium in their renumeration or rate. Another attraction to employers is that these individuals can then share their knowledge and help upskill existing teams.
It is therefore a good time to be a cyber professional. At a senior level, many individuals are deciding, due to sheer demand from the market, to leave their full-time roles and pursue a rewarding portfolio career. At a team level, those with the requisite skills and experience can usually expect to receive a number of offers and move into a well-remunerated position.
Retention challenge
The result is that retention can be a significant issue for organisations, as cyber leaders and team members may get lured elsewhere by attractive offers. Working in cybersecurity also comes with a fairly high degree of pressure. Protecting an organisation against a proliferating array of threats – which are increasingly sophisticated, often utilising AI technologies themselves – can be a demanding and stressful task. Attrition can therefore be an issue as some cyber specialists may decide to look for a role in an adjacent area instead. As a result, retention becomes as important as talent attraction. Technology leadership needs to ensure that the importance of cybersecurity is elevated across the business and that cyber teams are appropriately invested in – equipped with the tools and resources they need, supported by training and upskilling where applicable, and appropriately rewarded and incentivised.
A hybrid future?
There is little doubt that AI will have a growing impact on cyber teams and roles moving forward. As criminals put AI at the heart of their attack techniques, so businesses must do the same in defence. However, while we are likely to see rising levels of automation in cyber threat detection, prevention and response, there will always be the need for a skilled and experienced human team. In an area as critical as security, it would be perilous to rely completely on AI. People will need to calibrate, prompt and monitor the AI, assessing the findings and making strategic and operational decisions. They will also be needed to implement many of the recommendations that AI makes.
The reality is that, as elsewhere across technology, the future will be a hybrid of human and AI. This just means that becoming conversant with AI tools and solutions is rapidly becoming a pre-requisite for cyber leaders and their teams. Anyone that wants to go far in cyber cannot afford to ignore it.
Peter Birch is director of technology and digital executive search, and Mo Gaibee is associate consultant at Harvey Nash.
