Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teams
A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
While 2024 saw a surge in layoffs, budget cuts, and hiring and promotion freezes, the economic conditions hitting cybersecurity teams appear to be levelling off.
A new report from ISC2 shows that budget cuts across the industry fell by one percentage point to 36% this year, with layoffs also dropping by one percentage point to 24%.
However, while budget cuts are slowing down, a continued lack of budget is still a key hurdle for security leaders, exacerbating long-running staff shortages.
Around one-third (33%) of respondents to the ISC2 survey noted their organizations didn't have the resources to adequately staff their teams. Meanwhile, 29% said they couldn't afford to hire staff with the skills they need to adequately secure their organizations.
As a result, 72% agreed that reducing security personnel significantly increases the risk of a breach in their organizations.
Crucially, it's a shortage of skilled personnel, rather than mere numbers, that's really giving security professionals headaches. Nearly nine-in-ten said they'd experienced at least one significant cybersecurity-related consequence in their organization because of skills shortages, while 69% said they'd experienced more than one.
An overwhelming 95% of respondents said they had at least one skill need - up 5% from 2024 - and 59% cited critical or significant skills needs, up 15% from last year.
“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 acting CEO and CFO Debra Taylor.
“Skills deficits raise cybersecurity risk levels and challenge business resilience.”
AI is a big opportunity for cyber teams
Notably, Taylor said the increased adoption of technologies such as generative AI is welcomed by cybersecurity workers. Nearly three-quarters (73%) said AI will create more specialized cybersecurity skills while 72% said the technology will create the need for more strategic cybersecurity mindsets.
Two-thirds, meanwhile, said AI will require broader skillsets across the workforce.
At present, around 28% of respondents have integrated AI tools into their operations, with 69% engaged in some sort of adoption process: integration, active testing, or early evaluation.
Demand for AI-related cybersecurity skills is also growing, ISC2 found, remaining among the top skills for the second consecutive year.
This year, 41% of respondents cited AI as a top skill needed followed by cloud security at 36%.
Nearly half of respondents said they were already working to gain more generalized AI knowledge and skills, while 35% are educating themselves on AI solutions at risk to better understand vulnerabilities and exploits.
All of this is leading to more confidence, with 87% believing there will always be a need for cybersecurity professionals and 81% confident the profession will remain strong.
"Many cybersecurity professionals view AI as an opportunity for career advancement," said Taylor. "They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Cybersecurity skills: Addressing gaps and challenges in 2025
- The cybersecurity skills your business needs
- Cyber skills shortages are pushing firms into dangerous shortcuts
-
Post-cloud strategy: Architecting the next enterprise stackAs enterprises rethink their dependence on hyperscale, hybrid architectures are emerging as the new foundation for resilient, AI-ready infrastructure
-
Anthropic just launched Claude Fable 5, its first Mythos-class AI modelNews The launch of Claude Fable 5 marks the first public release of a Mythos-class AI model
-
‘We’re not investing as much as we should in their skills and development’: Skills shortages remain a key factor in security breaches — and things could get worse with AI in the equationNews Skills capabilities remain a key factor in security breaches, according to a new study
-
Pay up or expect attrition: 77% of cyber professionals missed out on pay rises last year – and almost half now plan to switch rolesNews Organizations are overlooking cyber pros when it comes to pay increases, and it could cost them dearly
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
