The ISC2 study highlighted a two-headed problem.
First is the talent shortage, with 63% reporting in 2025 that they have a slight or significant cybersecurity shortage, a modest improvement over the 68% who said as much in 2024.
Second is the skills gap. According to the report, 59% in 2025 have critical or significant skills needs, up from 44% in 2024, and 95% have at least one or more skills needs, up 5% on the previous year. Survey respondents said AI was the most pressing skills need (41%), followed by cloud security (36%), risk assessment (29%), application security (28%), security engineering and governance, (27%) and risk and compliance (also at 27%).
