For cybersecurity professionals, emerging technologies are no longer distant innovations. They are active forces reshaping day-to-day work. Nowhere is this more evident than with artificial intelligence (AI). As organizations accelerate adoption of AI, security teams are being asked to harness AI’s potential while simultaneously defending against the new risks it introduces. The result is a security landscape defined by opportunity and unease, where the same technologies driving efficiency are also expanding the attack surface.

The 2025 ISC2 Cybersecurity Workforce Study, based on responses from 16,029 cybersecurity professionals worldwide, highlights how emerging technologies are shaping the security landscape, as well as the challenges practitioners are navigating today and expect to face in the near future.

AI Tops the List for Both Positive and Negative Security Impact

When asked which emerging technologies and architectures will have the most positive impact on keeping assets and organizations secure, advancements in AI ranked well ahead of other options, with 41% citing AI as a source of positive impact. Automation in cybersecurity (35%) and zero trust (33%) ranked second and third, respectively. Passwordless authentication (22%), agentic AI (21%) and risk‑based vulnerability management (21%) complete the top five.

When respondents were presented with the same list of emerging technologies and architectures and asked which ones will have the greatest negative impact, AI again ranked well ahead of all other answer options, with 52% of respondents saying it will have the greatest negative impact.

Importantly, 2025 is the first year agentic AI was included, and it entered directly within the top five positive impacts and second for negative.

Impact of Emerging Cybersecurity Technology and Architectures

This dual ranking underscores a reality that cybersecurity professionals are grappling with now: AI is not a single dimensional tool. It is simultaneously an accelerator for defenders and a force multiplier for adversaries. While automation and intelligence-driven insights promise to ease operational burdens, the rapid pace of AI innovation is also introducing uncertainty.

A net comparison of impact selections highlights a divide between technologies with higher net positive ratings and those with higher net negative ratings. Zero trust and automation in cybersecurity fall into the net positive group, while quantum computing, agentic AI and advancements in AI cluster on the net negative side.

Technologies with the Highest Net Positive and Negative Impacts

When viewed through a net impact lens, a clearer pattern emerges. Technologies that are more mature or operationally understood, like zero trust and security automation, tend to inspire greater confidence. In contrast, technologies that are evolving rapidly or remain less predictable, including quantum computing and agentic AI, are more often associated with heightened concern. This contrast reflects not a resistance to innovation, but rather a need for clearer guardrails, standards and shared understanding.

AI Sees the Most Noticeable Year-Over-Year Shift

Year-over-year results show that advancements in AI increased in both perceived positive and negative impact. In fact, AI was the only technology area to increase year over year on both positive and negative impact measures. Compared to 2024, the share of respondents citing AI as having the greatest positive impact rose by 5% (from 36% to 41%), while the share selecting it as having the greatest negative impact increased by 4% (from 48% to 52%).

The year‑over‑year shift in perceptions of AI signals an inflection point for the profession. As AI moves from experimentation into operational reality, its impact is becoming more tangible. Unlike other technologies whose influence appears to be stabilizing, AI continues to intensify conversations around risk, responsibility and readiness. For many teams, the challenge is no longer whether AI will shape security outcomes, but how quickly they can adapt alongside it.

Most other technologies either declined or remained flat across both measures, with automation in cybersecurity and risk-based vulnerability management seeing the largest decreases on the positive-impact question.

How Industries Differ in Their View of AI's Security Impact

Survey respondents ranked their views of AI's security impact, which has been segmented by industry to examine the varying perspectives from practitioners. Interestingly, industries that rank AI lower on positive impact don't necessarily rank it higher on negative impact and vice versa.

Industries Most and Least Likely to View AI's Impact as Positive

AI at the Center of Current & Future Challenges

When asked about the biggest challenges faced over the past 12 months, respondents most frequently cited AI-powered social engineering (51%). Looking ahead to the next two years, that figure increases to 57%, making it the leading challenge professionals expect to face in the near future. Risks associated with emerging technologies like blockchain, AI, VR, quantum computing, intelligent automation, etc. also rise in prominence, increasing from 38% saying it was a challenge in the past year to 46% saying it will be a challenge in the next two years.

As AI becomes more deeply embedded in business operations, its influence is increasingly reflected in the challenges that security teams face. The same capabilities that enable smarter defenses are also being leveraged to scale and refine attacks, pushing practitioners to rethink traditional approaches to risk management and resilience.

Workforce and skills shortages remain a consistent concern across both timeframes (39% past year; 37% next two years), while regulatory requirements and insider threats rank at comparable levels in both questions. Most other categories remain relatively stable or decline slightly when looking from the past to the future.

Overall, only a small number of challenges, particularly related to AI, show meaningful increases from challenges professionals faced in the past 12 months to what they expect to face in the next two years. These results align with earlier findings from the impact questions, where AI ranked highest for both positive and negative impact, highlighting its growing influence across the security landscape.

Top Cybersecurity Challenges

How Challenges Vary by Industry, Past and Future

Across industries, AI-powered social engineering shows up as the top challenge for both the past 12 months and in the outlook for the next two years. Differences across industries highlight that AI’s security impact is deeply contextual. Variations in regulatory exposure, threat profiles and resource availability shape how practitioners perceive both its benefits and risks.

Respondents in legal (62%) and education (58%) reported some of the highest challenge levels in the past year's results. Looking ahead, AI-powered social engineering reaches as high as 64% within the nonprofit sector and remains high across nearly every other sector.

The challenges of workforce shortages are felt most strongly in fields such as government and the military across both past and future timeframes, while military and aerospace respondents more often cite cyber operations tied to geopolitical activity. Economic uncertainty impacting cybersecurity staffing stands out in the real estate sector.

Overall, the same core challenges appear across industries; however, the difference is mostly in how strongly each sector feels them. Notably, lower optimism does not always correlate with higher concern, suggesting that familiarity and exposure may influence confidence as much as threat severity does.

Industries Most Likely to Identify AI-Powered Social Engineering as a Top Challenge

How AI Changed the Landscape of Cybersecurity Challenges in 2025

In 2025, AI‑powered social engineering entered the list as a new item and became the top‑ranked challenge professionals faced in the past 12 months and expect to face in the next two years. Economic uncertainty impacting cybersecurity staffing and hiring was also newly added in 2025 and appeared in the Top 5 challenges professionals faced in the past year.

Compared to challenges professionals faced in the past 12 months in 2024, this year’s addition of AI-powered social engineering pushed down a couple of previously higher‑ranked challenges, including worker/skill shortages in the workforce (from #1 to #2) and keeping up with changing regulatory requirements (from #2 in 2024 to outside the top 5).

Cybersecurity Challenges Faced in Past 12 Months vs 2024

Similarly, when looking at what professionals expect to face in the next two years, the addition of AI‑powered social engineering resulted in several challenges that had ranked higher in 2024 to shift downward. This includes risks posed by emerging technologies like blockchain, AI, VR, quantum computing, intelligent automation, etc. (from #1 to #2), worker/skill shortages in the workforce (from #2 to #3) and keeping up with changing regulatory requirements (from #3 to outside of the Top 5).

Cybersecurity Challenges expected in the Next Two Years vs 2024

Conclusion

Taken together, these findings paint a picture of a profession at a critical crossroads. AI is redefining what is possible in cybersecurity, but it is also redefining what is required and who will deliver it, from skills development and ethical considerations to governance and collaboration. For cybersecurity professionals, success will depend not only on adopting new technologies, but on building the judgment, frameworks and the workforce needed to use them responsibly.

Related Insights