London: Despite cybersecurity budget cuts easing to 36% this year, an overwhelming 95% of organisations still report at least one critical skills gap, according to a new ISC2 survey, highlighted how staffing risk remains entrenched even as financial pressure begins to stabilise.
While 2024 was marked by widespread layoffs, budget reductions, and hiring freezes, the latest data now points to early signs of economic levelling across cybersecurity teams, with layoffs falling slightly to 24%.
However, ISC2 warns that easing budget pressure does not mean organisations are out of the danger zone. Ongoing funding constraints continue to hold back security leaders and deepen long-standing staffing challenges. One-third (33%) of organisations say they still lack the resources to adequately staff their cybersecurity teams, while 29% report they cannot afford to hire professionals with the specialist skills needed to properly secure their businesses.
The security impact is already being felt. Nearly three-quarters (72%) of respondents agree that reducing security personnel significantly increases the risk of a cyber breach. More critically, it is the shortage of skilled professionals, rather than overall headcount, that is now driving risk. Almost nine in ten respondents say their organisation has already suffered at least one significant cybersecurity consequence linked to skills gaps, with 69% experiencing multiple incidents.
Andy Ward SVP International at Absolute Security said: “Our research highlights that 59 per cent of CISOs already view cyber as the single biggest threat facing the UK right now, above AI and other risks, on top of the NCSC stating a 50% rise in highly significant attacks in the past year. With cyber threats rising, it is essential that organisations close the cyber skills gap in order to remain resilient. Cyber-attacks are no longer a question of if but when, and true cyber resilience cannot be achieved without a strong cyber security team.”
“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 acting CEO and CFO Debra Taylor.
AI is emerging as both a pressure point and an opportunity for cyber teams. Nearly three-quarters (73%) of respondents say AI will create more specialised cybersecurity roles, while 72% believe it will increase demand for more strategic cyber leadership. Two-thirds also expect AI to require broader skillsets across the wider workforce.
Currently, 28% of organisations have already integrated AI tools into their cyber operations, while 69% are in the process of testing, evaluating, or implementing them. Demand for AI security skills continues to rise, with 41% now citing AI as a top skills priority, second only to cloud security at 36%. Nearly half of professionals are actively building general AI knowledge, while 35% are training specifically to understand AI-related vulnerabilities and exploits.
Despite ongoing pressures, confidence in the profession remains strong. Some 87% of respondents believe there will always be a need for cybersecurity professionals, while 81% remain confident in the long-term strength of the sector.
