ISC2 Study Finds Cybersecurity Budget Constraints Remain, But Do Not Worsen, While Skill Needs Grow

Report reveals how staff and budget cuts are increasing perceived security risk, while rapid AI adoption is reshaping skills requirements and creating new career opportunities.

Alexandria, Va., December 4, 2025 – ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today released findings from its 2025 Cybersecurity Workforce Study, which surveyed a record 16,029 cybersecurity professionals. The previous year saw a surge in layoffs, budget cuts, and hiring and promotion freezes. However, the 2025 data revealed that economic conditions that affect cybersecurity teams showed signs of leveling off, with reports of budget cuts (36%) and layoffs (24%) decreasing by one percentage point in 2025.

Strained cybersecurity workforce budgets remain a key driver of staff shortages, according to the study. 33% of respondents stated their organizations do not have the resources to adequately staff their teams, while 29% said they cannot afford to hire staff with the skills they need to adequately secure their organizations. Consequently, 72% of respondents agree that reducing security personnel significantly increases the risk of a breach in their organizations.

Skill Shortages Surpass Headcount as Top Concern

The study highlights that while staffing shortages remain, professionals are more concerned about critical skill needs than staffing numbers. Nearly nine in 10 respondents (88%) have experienced at least one significant cybersecurity consequence in their organizations because of a skills shortage, and 69% have experienced more than one. The majority of respondents (95%) reported that they have at least one skill need (a 5% increase from 2024), and 59% cited critical or significant skill needs (a 15% increase from 2024).

“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 Acting CEO and CFO Debra Taylor, CC. “Skills deficits raise cybersecurity risk levels and challenge business resilience. At the same time, we are seeing emerging technologies like AI are perceived as less of a threat to the workforce than anticipated. Instead, many cybersecurity professionals view AI as an opportunity for career advancement. They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”

AI Adoption Accelerates and Creates New Career Opportunities

The research found that AI adoption is progressing among cybersecurity professionals, with 28% of respondents having already integrated AI tools into their operations. In total, 69% are engaged in adoption activities—whether through integration, active testing, or early evaluation.

Data also suggests that cybersecurity professionals believe AI will create a need for new skills and perspectives within the cybersecurity workplace.

• 73% believe AI will create more specialized cybersecurity skills
• 72% say AI will create the need for more strategic cybersecurity mindsets
• 66% say AI will require broader skillsets across the workforce

AI remains one of the top skills needed for the second consecutive year. This year, 41% of respondents cited AI as a top skill needed followed by cloud security (36%). Nearly half (48%) of respondents are already working to gain more generalized AI knowledge and skills, while others are educating themselves on AI solutions at risk to better understand vulnerabilities and exploits (35%).

Cybersecurity Professionals Passionate Despite Challenges

Although economic uncertainty and workplace pressures continue, cybersecurity professionals remain positive about their role in the industry. The research found:

• 87% believe there will always be a need for cybersecurity professionals
• 81% are confident the profession will remain strong
• 68% are satisfied in their current job (up two percentage points from 2024)
• 80% are passionate about their work
• 75% are likely to stay at their current organization for the next 12 months, dropping to 66% when asked about their outlook over the next two years

However, the report also indicates that cybersecurity professionals are experiencing job stress and burnout. Almost half (48%) of respondents feel exhausted from trying to stay current on the latest cybersecurity threats and emerging technologies and 47% feel overwhelmed by the workload.

The study finds that opportunities for career growth and recognition are important factors for professionals in the industry. Nearly one-third (31%) of participants view advancement opportunities and 23% view unplanned financial or benefit rewards (such as spot bonuses for performance, extra paid day off) as key factors for their workforce engagement.

To explore the full 2025 ISC2 Cybersecurity Workforce Study and discover additional actions leaders and organizations can take to support a resilient cybersecurity workforce, please visit: https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study.

About the ISC2 Cybersecurity Workforce Study

ISC2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The ISC2 Cybersecurity Workforce Study is conducted annually to assess the cybersecurity workforce to better understand the barriers facing the cybersecurity profession, and to uncover solutions that enable individuals to excel in their profession, achieve their career goals, and better secure their organizations' critical assets.

Methodology

The 2025 ISC2 Cybersecurity Workforce Study is based on online survey data collected in May and June 2025 from 16,029 cybersecurity practitioners and decision-makers. The respondents reside in North America, Latin America (LATAM), the Asia-Pacific region (APAC) and Europe, the Middle East and Africa (EMEA). Respondents in non-English speaking countries completed a locally translated version of the survey.

About ISC2 

ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 265,000 certified members, and associates, are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, the Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more, get involved or become an ISC2 Candidate to build your cyber career at ISC2.org. Connect with us on X, Facebook and LinkedIn. 

© 2025 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP, CC, and CBK are registered marks of ISC2, Inc. 

Media Contact: 
Amanda Steinman 
Senior Corporate Communications Manager 
ISC2 
asteinman@isc2.org