Entering 2026, the tension between cybersecurity personnel resource challenges and the ever-escalating -and increasingly effective – threat environment continues. Add advanced technologies such as AI that enterprising threat actors are all too eager to insert into their arsenals to the mix, and the issue of staff limitations is magnified. In its 2025 ISC2 Cybersecurity Workforce Study, the non-profit association uncovered a profession balancing the struggle to keep ahead of increasingly sophisticated adversaries while also savouring the chance to leverage AI and other technologies to elevate their defences. The annual study of industry workplace trends, which surveyed 16,020 security professionals globally, found resource constraints are front and centre in impacting the cybersecurity workplace.
Budget cuts are having a material impact on staffing levels, with 33% acknowledging they don’t have adequate security personnel. 29% don’t have the budget to employ staff with the required skills. That said, 55% said they currently have the appropriate security staff in place to protect their enterprise assets from incidents in the next two to three years.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The research participants see a direct correlation between having sufficient security staff in place and mounting an effective defence. 72% said cutting staff pointedly creates an environment vulnerable to attack, with 76% calling for organisations to face consequences if they suffer a security incident after laying off cybersecurity professionals.
Having staff skills match organisational priorities is essential, with AI topping the list and 41% saying knowledge of the technology is critical. Experience in cloud security is crucial to 36% of organisations, followed by risk assessment expertise (26%) and a strong knowledge of application security (28%). Having security engineering experience and a working history navigating governance, risk, and compliance (GRC) are also important, with 27% citing both.
As defensive tools, AI-powered solutions promise to lessen repetitive manual interventions, freeing up time for security practitioners to focus on more strategic tasks. 28% have integrated AI security tools into their ordinances, with another 41% either actively testing them or in an early evaluation phase of AI-driven security tools. Experiences with security solutions built on AI have been positive. 63% said they have substantially increased their productivity.
Security professionals expect AI to have the most immediate positive security impact on network monitoring (40%), followed suit by security operations and testing – 30% for both. Other areas the respondents cited as presuming to benefit from AI include vulnerability management (29%), threat modeling (28%), and endpoint protection (also 28%). ISC2 researchers pointed out that these are all time-consuming activities that are also ripe for automation.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataWhile AI is widely perceived in many sectors as a threat to job security, that isn’t the case with cybersecurity professionals. Seventy-three percent expect AI to open the door for more specific cybersecurity pathways, and 72% believe the technology will require more strategic approaches. Sixty-six percent also see AI adoption as driving the need for more communication skills.
