The annual ISC2 survey of the cybersecurity community highlights the critical issues relating to skills shortages within cybersecurity teams and organizations, the increasing impact of AI on both job roles and people, and the impact of continuing economic pressures on job satisfaction, investment, advancement and retention.
This year has been another impacted by global economic disruption. Participants in the 2025 ISC2 Cybersecurity Workforce Study revealed continuing uncertainty and the ongoing impact of financial austerity on themselves, their teams and organizations as a whole. A record 16,029 people participated in this year’s study from across North America, Latin America, the Asia Pacific region and Europe, the Middle East and Africa, all working in cybersecurity roles or functions.
Cuts have impacted the global cybersecurity field once again, fueling layoffs, budget reductions and freezes on pay rises and promotions.
Nonetheless, cybersecurity professionals remain broadly satisfied and committed, but signs of strain are showing, with many raising issues about overwork and burnout from being under resourced and lacking key skills to keep pace with new technologies and new threats. Others have also raised concerns about cybersecurity not being viewed as a critical function.
Four Challenges Facing the Cybersecurity Workforce
Every year, the study is guided by survey participants, who shape the priorities and focus areas for the report. This year’s findings reflect a shift in priorities that began to emerge within the 2024 study, most notably the rising impact of critical skills needs.
Key results from the 2025 study reflect four persisting challenges: the economy, skills and staff shortages, AI and job satisfaction. These areas illustrate the primary needs and priorities of most participants and their organizations, and show a fundamental link between a shortage of available skills and skills investment and an increase in cybersecurity risk, incidents, workforce discontent and fatigue:
- Economic uncertainty continues to impact the cybersecurity workforce through layoffs, hiring freezes, promotion freezes and budget cuts. However, these cost-cutting measures have steadied, showing that the issues causing economic caution remain, but have not necessarily worsened from the previous year. The largest organizations have been hit the hardest across all four economic measures, with 32% of large organization respondents reporting layoffs, 46% experiencing budget cuts, 49% reporting hiring freezes and 41% seeing promotion freezes.
- Many teams are worried that their organizations will not be adequately protected against cybersecurity threats due to a shortage of key skills as well as needing more people to acquire and apply those needed skills. Shortages have direct consequences, with 88% of respondents noting their organizations have experienced at least one significant cybersecurity consequence in the last year because of a skills shortage and 69% have experienced more than one.
- AI adoption continues to disrupt cybersecurity teams and organizations as a whole, but the reception of AI and the outlook is broadly positive. Respondents believe that AI is offering useful support with time consuming and repetitive tasks, rather than replacing the human element. Over two thirds of respondents (69%) are either already using AI tools now or are planning for AI security tool implementation and use in the future.
- Despite the economic challenges impacting advancement, jobs and investment in people, cybersecurity professionals remain broadly satisfied with their position, with 68% of respondents being content in their current role. Despite being committed, staff report feeling overworked or burnt out as they try to cover for the shortfall in needed cybersecurity skills and people. Others feel frustrated with employer demands for more in-office or hybrid working. This is having a negative impact on retention. Three-quarters (75%) reported they were likely to stay at their current organization for the next 12 months, but that drops off to 66% when asked about their outlook over the next two years.
Skills Needs and Staffing
The study represents the cybersecurity workforce through a variety of metrics, which change and evolve in line with market forces and the priorities of participants. For several years, coverage of the study led with global and regional estimates on the overall workforce size, as well as looking at what became known as the “workforce gap”. This is a measure of the difference in headcount between the size of active workforce and the perceived number of additional people needed – based on participant responses and other supporting data – to fully address current workloads and needs.
Recognizing and addressing skills shortages – both within existing teams as well as within the wider talent pool – is now considered to be more critical for organizations and hiring managers than simply adding more people. It’s about the skills that existing professionals possess, as well as the skills that people entering the field bring and develop. This is what organizations require to address threats and manage risk in an evolving workplace and threat environment. Without the right skills or the ability to develop them effectively and quickly, simply adding more people to the team won’t necessarily address the shortages and operational challenges that many participants are dealing with.
The 2025 study shows that cybersecurity resilience is front of mind for participants, but that it depends less on headcount and more on agility, capability and continual skill development. That means up-skilling and multi-skilling existing people inside and outside of the existing cybersecurity team, as well as recruitment.
Key Takeaways from Participant Responses
The cybersecurity workforce needs agility, capability and continual skill development to function effectively now and in the future:
Skills Shortages Persist: Rapid adoption of AI and other new technologies, as well as rapidly evolving threats and attacks have created a critical and multi-faceted skills need across cybersecurity teams and employers. Even those actively trying to recruit are struggling to find the skills they need or are struggling to afford people with them. A disconnect in awareness of what hiring managers are looking for and what cybersecurity professionals are prioritizing is not helping the skills challenge.
AI is Both an Opportunity and a Risk Factor: AI is seen by respondents as a catalyst for career development opportunities rather than a threat, with many taking a proactive approach to bolstering their own knowledge of AI tools and technologies. At the same time, AI-based attacks represent new threat vectors and risks that most cybersecurity professionals had not encountered in their careers until recently.
Skills Impact Workforce Wellbeing as well as Cybersecurity Risk: Participants are passionate about the work they do but do not feel fully valued. Only a third said their organizations prioritized cybersecurity as a critical business function. They want more focus on upskilling and budget for professional development, as well as wanting to see their organizations investing in broad awareness training and cross-training of existing co-workers outside of cybersecurity to better help tackle cybersecurity needs and mitigate risk.
Investment in People is Paramount, Regardless of Economic Disruption: Investing in skills development to meet the AI challenge and other evolving cybersecurity functions is an essential investment to lower risk, reduce staff turnover and keep cybersecurity professionals engaged in their roles for the longer term.
Learn More About Cybersecurity Workforce Trends
Discover the insights shaping the field by diving into the 2025 ISC2 Cybersecurity Workforce Study. This essential report reveals the most pressing challenges, emerging trends and real-world data on what cybersecurity professionals are facing and what motivates them — arming you with the knowledge to develop your team, guide strategic decisions and elevate your career. Whether you’re a seasoned professional, a leader building resilient security programs, or someone aspiring to enter the field, this study offers invaluable perspective you won’t want to miss. Read it now and be part of driving the industry forward.

