One in three cybersecurity teams (33%) report being under-resourced to adequately protect their organisations, according to the ISC2 2025 Cybersecurity Workforce Study, which surveyed over 16,000 security professionals globally.

Nearly 30% said they cannot afford to hire staff with the right skills, highlighting how budget constraints continue to drive the cyber skills shortage. These staffing gaps are creating real risk, with 72% of security professionals agreeing that reducing personnel significantly increases breach risk, while almost nine in ten have experienced at least one significant security incident linked to skills shortages.

On top of this, security teams are increasingly turning to artificial intelligence (AI) for support. The study found that 28% of respondents have already integrated AI tools into daily operations, and 69% are at some stage of evaluating, testing, or implementing them.

AI skills remain the most sought-after capability, cited by 41% of professionals, followed by cloud security at 36%. Half of respondents are developing general AI knowledge, while 35% are focusing on advanced applications, such as using AI to detect vulnerabilities and prevent exploits.

Sawan Joshi, Group Director of Information Security at FDM Group, commented: “Building true cyber resilience means prioritising continuous training and sustained investment in developing young cyber talent. Technology is vital, but it is the skills, readiness and adaptability of people that ultimately determine how effectively threats are mitigated and sensitive data is protected.”

Andy Ward SVP International at Absolute Security commented: “Our research highlights that 59% of CISOs already view cyber as the single biggest threat facing the UK right now, above AI and other risks, on top of the NCSC stating a 50% rise in highly significant attacks in the past year.

With cyber threats rising, it is essential that organisations close the cyber skills gap in order to remain resilient. Cyber-attacks are no longer a question of if but when, and true cyber resilience cannot be achieved without a strong cyber security team.”

ISC2 acting CEO and chief financial officer Debra Taylor said: “A shift is happening. This year’s data make it clear that the most pressing concern for cyber security teams isn’t headcount, but skills.

Skills deficits raise cyber security risk levels and challenge business resilience. At the same time, we are seeing emerging technologies like AI [artificial intelligence] are perceived as less of a threat to the workforce than anticipated.

Instead, many cyber security professionals view AI as an opportunity for career advancement,” she said. “They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”