88% Cybersecurity Pros Experience ‘Significant’ Impact of Skills Gap

According to new research from International Information System Security Certification Consortium (ISC2), nearly nine in 10 cybersecurity professionals (88%) have experienced at least one “significant” cybersecurity consequence in their organization due to a skills gap.

The study surveyed 16,029 cybersecurity professionals from across North America, Latin America, the Asia-Pacific region, Europe, the Middle East, and Africa. Broadly, the data indicates that the economic uncertainties that gave rise to a surge in tech layoffs in 2024 are beginning to taper off.

The findings should sound a note of alarm across the tech sector as concerns over a yawning talent gap mount. Elsewhere, our own research shows that a shocking 98% of bosses are unable to identify all the signs of a phishing attack, indicating that these shortcomings are felt across the business.

Talent Gap Leaving Majority of Cybersecurity Firms Exposed

88% of cybersecurity professionals have experienced at least one “significant” cybersecurity consequence at their place of work due to a lack of ability, new research shows. The 2025 Cybersecurity Workforce Study comes courtesy of ISC2, the world’s leading nonprofit organization for cybersecurity professionals.

Surveying 16,029 “practitioners and decision-makers” from across the sector, the study sheds light on the evolving nature of the workspace as old anxieties persist and new opportunities arise. Notably, the data suggests that some of the economic uncertainties that characterized 2024 are beginning to lift.

In spite of this, however, the industry still faces a problem in the form of talent recruitment and retention — the consequences of which can often be severe.

Skills Shortage Getting Worse, Data Shows

Other data points shed light on the impact of strained security budgets across the sector. 33% of participants confirmed that they do not have the resources to adequately train their existing staff, while 29% are unable to hire staff with the requisite skills to secure their organization in the face of an evolving threat landscape. And with 72% in agreement that reducing security personnel “significantly increases” the risk of a breach, the scale of the issue isn’t lost on anyone.

Worryingly, even as the global economic outlook has improved on last year, the skills gap has widened. The vast majority of surveyed respondents (95%) reported that they have at least one skill need, representing a 5% increase on the year before. 59%, meanwhile, cited “critical or significant” skill needs — a sharp 15% increase on 2024.

According to ISC2 acting CEO and CFO Debra Taylor, CC: “A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills. Skills deficits raise cybersecurity risk levels and challenge business resilience.”

AI Poses Compelling Solution to Skills Shortage

The research shows that, increasingly, cybersecurity professionals are looking to AI as a solution to their workforce woes. 28% of respondents confirmed that they’d already embedded the technology into their ways of working, while 69% are engaged in “adoption activities,” such as integration, testing, or evaluation.

There is a pervasive idea that AI tools will create demand for new skills and perspectives, with 73% believing that the technology will create “more specialized cybersecurity skills” and 72% citing “more strategic cybersecurity mindsets.” The hope is that this will open up new roles for prospective employees — as fears mount that AI could spell disaster for the workforce.

Despite the skills chasm, most cybersecurity employees are optimistic about the future. A striking 81% of participants are “confident” the profession will remain strong, with a further 68% satisfied in their current job.