A closer look at the findings from the most recent ISC2 Cybersecurity Workforce Study, from the perspective of respondents from the U.K. cybersecurity community.
U.K. cybersecurity professionals are operating in an increasingly complex and demanding environment shaped by economic pressure, rapid technological change and persistent skills shortages. At the same time, the rapid adoption of artificial intelligence (AI) technologies is transforming both the threat landscape and cybersecurity operations, creating new opportunities while also increasing pressure on professionals to continuously adapt and reskill. The 2025 ISC2 Cybersecurity Workforce Study revealed that while hiring freezes, budget constraints and staffing reductions may be beginning to stabilize, organizations continue to struggle to recruit, retain and develop cybersecurity talent with the skills needed to defend modern digital environments.
This snapshot of the U.K. story from the study is based on the responses from over 950 U.K. cybersecurity professionals who participated.
U.K. Cybersecurity Workforce Under Pressure

Globally, cybersecurity teams have faced downward pressure on roles and hiring. Overall, U.K. respondents experienced a significant proportion of cutbacks over the last year, with 22% reporting layoffs, 36% reporting budget cuts, 43% reporting hiring freezes and 35% reporting freezes on promotions or pay rises. These are broadly comparable with the global findings. As with the global outlook, the U.K. saw modest falls in respondent experiences year-on-year of layoffs (28% in 2024) and budget cuts (38% in 2024), while hiring freezes (42% in 2024) and promotion/pay freezes (35%) did not fall. This broadly aligns with the global conclusion that while the overall situation has not improved, the challenges facing organizations and their cybersecurity teams have started to stabilize.
Accountability and Risk from Cybersecurity Cutbacks

The research shows strong concern about the consequences of reducing cybersecurity staffing. In the U.K., 75% of respondents believe staff cutbacks significantly increase the likelihood of a breach, while 79% believe organizations should be held accountable if breaches occur after reducing cybersecurity personnel. The findings reinforce the perception that cybersecurity staffing levels are directly linked to organizational resilience and risk management.
However, a majority of U.K. cybersecurity professionals (57%) also believe their organizations will have the resources necessary to respond to security incidents over the next two to three years. While this reflects cautious optimism, it also means that a significant minority remain uncertain or lack confidence in their organization’s future resilience and preparedness.
Perceptions of Skills Needs Across Cybersecurity Teams

Cybersecurity skills shortages remain a major issue for U.K. organizations, with 95% of respondents reporting at least one cybersecurity skills gap within their organization, while 58% described those shortages as either critical or significant. Only 5% reported no skills shortages at all. The findings indicate that although staffing levels may have improved slightly year-on-year, organizations still lack the specialist expertise needed to manage modern cybersecurity risks, deal with emerging technologies and maintain business resilience.
AI skills were identified as the most urgent capability gap for cybersecurity teams in the U.K., cited by 42% of respondents who identified having at least one skills need. Cloud security ranked second at 37%, followed by security engineering, application security, risk management and governance/risk/compliance (GRC). This highlights that competence in emerging technologies, cloud and strategic risk management is a more critical need among U.K. employers right now than more traditional security disciplines.
The leading causes of cybersecurity skills shortages, according to U.K. respondents, are financial constraints (28%) and the inability to find qualified candidates (25%). Other contributing factors include difficulty retaining skilled staff (23%), an inability to keep pace with rapid organizational growth (22%), new technologies being introduced without sufficient cybersecurity expertise (22%) and uncertainty created by AI-related changes in required skill sets (16%). Furthermore, 12% of U.K. respondents highlighted a disconnect between hiring objectives and professional skills priorities, an issue that is also a global challenge.
How U.K. Organizations Are Tackling the Skills Challenge

According to U.K. respondents, organizations are using a combination of workforce development, technology investment and external support to address cybersecurity skills shortages. The most common approaches are allowing professional development time during work hours (34%), promoting the use of free vendor training resources (27%), investing in new technologies (27%) and integrating AI tools to automate tasks (24%). Many organizations are also cross-training non-cybersecurity employees, funding internal and external training programs and using contractors or third-party providers to fill immediate capability gaps.
Nonetheless, the research highlights that cybersecurity skills shortages are already having widespread operational consequences for U.K. organizations. Overall, 87% of respondents said their organization had experienced at least one negative consequence as a result of not having the cybersecurity skills it needs to fully address its operations, while 70% reported experiencing multiple consequences.
The most common impacts included oversights in security processes and procedures and parts of the organization being left under-secured, both cited by 27% of U.K. respondents. Other major consequences included reduced awareness of active threats (25%), underqualified employees being assigned responsibilities beyond their expertise (24%), slow patching of critical systems (24%) and overreliance on third-party supply chains to provide cybersecurity support (24%).
The findings demonstrate that cybersecurity skills shortages are not simply recruitment challenges. They are directly affecting organizational resilience, operational effectiveness and the ability of security teams to respond effectively to evolving cyber threats.

Amid the pressure on finding and developing needed cybersecurity skills, staffing levels in the U.K. improved slightly between 2024 and 2025. The proportion of organizations reporting significant shortages fell from 23% to 16%, while those reporting the “right amount” of cybersecurity staff increased from 29% to 37%. Despite these improvements, most organizations still reported either significant or slight staffing shortages, demonstrating that workforce capacity challenges remain widespread.
The Impact of AI on U.K. Cybersecurity Professionals

Note: 9% answered “don’t know”
AI adoption within cybersecurity operations is progressing rapidly, with nearly a third (30%) of U.K. respondents noting that AI security tools have already been integrated into operations, while 20% are actively testing them and 24% are evaluating them. Overall, nearly three-quarters of organizations are moving toward operational AI use. The findings suggest that AI is becoming a mainstream component of cybersecurity defense strategies within U.K. organizations.
More than two-thirds of U.K. respondents (70%) who have integrated AI security tools are already seeing them deliver productivity gains. The fastest positive impacts (improved efficiencies, reducing costs, handling time-consuming tasks, etc.) are coming in network monitoring and intrusion detection (38%), security operations (34%) and threat modelling (30%). Other key areas include vulnerability management, endpoint protection and security testing (each at 29%). These functions are highly data-intensive and repetitive, making them well suited to automation and AI-driven analysis.
U.K. Cybersecurity Job Satisfaction

Among U.K. cybersecurity professionals, job satisfaction improved slightly in 2025 after declining in 2024. Overall satisfaction rose from 64% in 2024 to 68% in 2025, though it remained below the 72% recorded in 2023. The percentage of respondents who described themselves as “very satisfied” also increased year-on-year. The results reinforce the view that while pressures on cybersecurity professionals remain high, confidence and morale may be stabilizing.
Most cybersecurity professionals intend to remain in the profession long term, with 76% saying they are likely to stay in cybersecurity for the rest of their careers. However, commitment to current employers is weaker: 73% expect to remain with their organization over the next 12 months, but only 64% expect to stay for the next two years. The findings indicate that while professionals remain committed to cybersecurity as a career, organizations may face retention challenges if workplace pressures and career concerns are not addressed soon.
Advice for U.K. Cybersecurity Hiring Managers and Professionals
The 2025 ISC2 Cybersecurity Workforce Study highlights a profession operating under continued pressure, but also one that is adapting and evolving. The study shows that skills shortages in the U.K., as well as globally, are now viewed as a more pressing issue than staffing numbers alone. Organizations are struggling to recruit and retain professionals with expertise in areas such as AI, cloud security, security engineering and risk management, while rapid technology adoption is reshaping the requirements of cybersecurity roles. These shortages are already creating operational consequences, including process oversights, under-secured systems, delayed patching and increased reliance on third-party support.
The growing use of AI is also increasing demand for new technical and nontechnical skills, including problem-solving, adaptability and communication. However, organizations must take a more strategic and people-focused approach if they want to address skills deficiencies and maintain long-term resilience.
Advice for Cybersecurity Hiring Managers
- Prioritize skills development as highly as recruitment by investing in continuous training, mentoring and professional development opportunities for existing staff.
- Develop internal talent pipelines through cross-training, funding certifications, apprenticeships, internships and career transition programs from adjacent IT and other non-cybersecurity roles.
- Focus recruitment efforts on emerging high-demand areas such as AI security, cloud security and risk management to prepare for future operational requirements.
- Ensure cybersecurity is treated as a business-critical function by leadership, with sufficient staffing, budget and executive support.
- Strengthen collaboration between HR, IT and cybersecurity leadership to better align hiring strategies with actual operational skills requirements.
Advice for Cybersecurity Professionals
- Continuously develop skills in high-demand areas such as AI, cloud security, security engineering, governance/risk/compliance and zero trust.
- Strengthen nontechnical capabilities including communication, strategic thinking, teamwork and problem-solving, which employers increasingly value alongside technical expertise.
- Take advantage of professional development opportunities, certifications, free vendor training and industry events to stay current with evolving threats and technologies.
- Develop adaptability and a willingness to learn as cybersecurity roles continue to evolve due to AI and automation.
- Focus on understanding risk and organizational priorities, not just technical ones, to become more effective in leadership and strategic roles.
Despite these pressures, U.K. cybersecurity professionals remain passionate about their careers and generally optimistic about the future of the profession.
