Cybersecurity’s Breaking Point: New ISC2 Data Shows Skills Crisis Overtaking Staffing Woes

The cybersecurity workforce has spent the past two years bracing for economic turbulence. Layoffs, spending freezes and shrinking budgets hit teams that historically believed they were insulated from broader corporate cutbacks. According to new global research from ISC2, those financial pressures have begun to stabilize, but the aftershocks are reshaping the field in a more profound way. Leaders are no longer most worried about having too few people. They are worried about having too few people with the right expertise.

The 2025 ISC2 Cybersecurity Workforce Study collected responses from a record 16,029 professionals and reveals a profession caught between economic strain and accelerating technological change. Although layoffs fell slightly to 24 percent and budget cuts dipped to 36 percent, organizations still reported weakened resourcing and heightened exposure to risk. More than 70 percent of respondents said trimming cybersecurity staff materially increases the likelihood of a breach. The data paints a picture of teams trying to defend modern enterprises with tools and capabilities that no longer match the speed or sophistication of emerging threats.

Skills Are Now the Real Crisis

The report’s most striking shift is the collapse of confidence in teams’ ability to keep pace with required expertise. Ninety five percent of respondents cited at least one skills gap, and the proportion reporting critical or significant deficits jumped dramatically from 44 percent to 59 percent. Almost nine in ten professionals said these missing skills had already led to a meaningful cybersecurity consequence inside their organization.

AI continued to dominate the list of in demand technical competencies. Cloud security remained close behind, followed by risk assessment, application security and security engineering. These rankings mirror the evolving attack surface that modern enterprises now operate on, with misconfigurations, identity flaws and AI driven threats listed as frequent pain points.

“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 Acting CEO and CFO Debra Taylor, CC. “Skills deficits raise cybersecurity risk levels and challenge business resilience. At the same time, we are seeing emerging technologies like AI are perceived as less of a threat to the workforce than anticipated. Instead, many cybersecurity professionals view AI as an opportunity for career advancement. They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems.”

Her comments reflect a notable change in sentiment compared to the anxiety seen during the early generative AI adoption wave. Instead of fearing job displacement, many professionals are actively trying to position themselves as specialists in AI enabled security.

AI Adoption Surges and Reshapes Job Expectations

The study shows that AI tools are moving from experimentation to operational use. More than two thirds of cybersecurity teams have either deployed, tested or begun evaluating AI systems. Among those already using AI to support detection and investigation workflows, nearly two thirds said the tools significantly improved productivity. Functions that produce large volumes of data, like network monitoring and vulnerability management, were viewed as the most likely to benefit.

Respondents overwhelmingly expect AI to create new career paths rather than eliminate them. Seventy three percent anticipate a rise in specialized cybersecurity roles, while 72 percent expect AI to create demand for more strategic thinking across security teams. A large segment is already pursuing AI focused upskilling, including training on model safety, evaluating AI related risk and auditing AI driven infrastructure.

The enthusiasm comes despite the reality that AI is also fueling new attack techniques. The study documents rising encounters with AI optimized social engineering, data leakage, model theft and data poisoning. Smaller organizations reported disproportionately higher exposure, likely reflecting their thinner security staffing.

Professionals Stay Committed but Are Feeling the Strain

Even with heavy workloads and significant pressure on teams, job satisfaction ticked upward for the first time in two years. Sixty eight percent of respondents said they are satisfied in their role and 80 percent described themselves as passionate about their work. Almost nine in ten believe cybersecurity will remain a stable profession long term.

Yet beneath that optimism lies fatigue. Nearly half said they feel exhausted trying to keep up with the speed of new threats. Forty seven percent reported feeling overwhelmed by workload. The study also exposes a mismatch between preferred and required work arrangements. Only 10 percent want to work full time in an office, while almost triple that amount are required to do so. Respondents whose working model matched their preference showed far higher satisfaction than those required to come in more often than they wanted.

Career mobility also appears to be in flux. Three quarters expect to remain with their current employer over the next year, but that number drops to 66 percent when asked about the next two years. Many cited stalled advancement opportunities, insufficient pay growth and organizational leaders who do not treat cybersecurity as a core business priority.

The Bigger Picture

The report makes clear that the cybersecurity workforce is not shrinking at the catastrophic rate some feared. Instead, it is transforming into a field where baseline technical proficiency is no longer enough. Cloud architecture, AI fluency, secure design, identity governance and threat modeling are becoming foundational skills rather than specializations. The organizations that survive this transition will be the ones that invest in training, reduce burnout and build career pathways that keep highly skilled practitioners engaged.

The profession’s resilience remains intact. Its workload and expectations, however, are reaching a point where talent investment is no longer optional. That reality is likely to shape 2026 far more than economic conditions alone.