WrightStudio - stock.adobe.com
Constrained budgets left security teams short-handed in 2025
With 2024 seeing surges in security funding cuts, lay-offs and hiring freezes, 2025 brought some relief for cyber pros, but constrained budgets are leaving security teams short-staffed
After a torrid 2024, the wider macroeconomic conditions affecting cyber security professionals showed signs of levelling off in 2025, with reports of budget cuts and layoffs to cyber teams dropping slightly this year after surging in the prior period. However, constrained budgets remain a key driver behind the ongoing cyber skills shortage.
This is according to the annual Cybersecurity workforce study produced by cyber professional association ISC2, which polled over 16,000 security professionals to produce this year’s report.
The Virginia, US-based non-profit reported that 33% of respondents said their organisations were inappropriately resourced to adequately staff their teams, and 29% said they couldn’t afford to hire the right people with the right skills to adequately secure their organisations.
As a result, said ISC2, 72% of security professionals now agree that reducing personnel significantly increases the breach risk to organisations; almost nine in 10 said they had experienced “at least one” significant security incident due to a skills shortage, and 69% more than one.
And approximately 95% said they had at least one skill need within their teams, up 5% from 2024, while 59% cited “critical or significant” skill needs, up 15%.
“A shift is happening,” said ISC2 acting CEO and chief financial officer Debra Taylor. “This year’s data make it clear that the most pressing concern for cyber security teams isn’t headcount, but skills. Skills deficits raise cyber security risk levels and challenge business resilience. At the same time, we are seeing emerging technologies like AI [artificial intelligence] are perceived as less of a threat to the workforce than anticipated.
“Instead, many cyber security professionals view AI as an opportunity for career advancement,” she said. “They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”
Read more about security careers and skills
- The Computer Weekly Security Think Tank considers the burdens and responsibilities that accompany the role of chief information security officer, and share guidance on how to navigate a challenging career path.
- At a time when cyber security breaches are on the up and skills remain in short supply, security experts believe we may be missing a trick by overlooking unconventional sources of talent.
- Cyber ‘agony aunts’ Amelia Hewitt and Rebecca Taylor are launching a book aimed at empowering women in their cyber security careers.
With the potential of AI being positively received in the cyber security world, ISC2 found its members were steadily increasing their use of AI tools, with 28% having already integrated them into their daily operations and 69% at some point in their adoption journey, either evaluating, testing or implementing them.
The data also suggest that security pros believe AI will have an impact on both the skills and perspectives required to do the job. Almost three-quarters said cyber security skills would become more specialised as a result of AI adoption; a similar number said AI would create a need for more strategic security mindsets, and slightly fewer said broader skillsets would in fact be needed.
Perhaps unsurprisingly, AI skills emerged as the most in-demand skillset in the security trade for the second consecutive year, cited by 41%, with cloud security close behind at 36%. About half of respondents said they were already working on their own generalised AI knowledge and skills, and about 35% were going deeper on areas such as using AI to better understand vulnerabilities and exploits.
Love what you do
Headwinds notwithstanding, ISC2 found security pros tend to be positive about their jobs and the role they play in the wider industry, with 80% saying they were passionate about their work.
The vast majority, 87%, said they thought there would “always” be a need for security pros; 81% expressed confidence that the profession would remain strong; and 68% said they were satisfied in their current job, up 2% on 2024, with 75% planning to stay at their current job for at least another year.
But the passion and dedication of cyber pros continues to come at a cost, with stress and burnout still dogging many. Almost half said they found it exhausting trying to keep up, and 47% found the workload overwhelming at times.
