Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teams

While 2024 saw a surge in layoffs, budget cuts, and hiring and promotion freezes, the economic conditions hitting cybersecurity teams appear to be levelling off.

A new report from ISC2 shows that budget cuts across the industry fell by one percentage point to 36% this year, with layoffs also dropping by one percentage point to 24%.

However, while budget cuts are slowing down, a continued lack of budget is still a key hurdle for security leaders, exacerbating long-running staff shortages.

Around one-third (33%) of respondents to the ISC2 survey noted their organizations didn't have the resources to adequately staff their teams. Meanwhile, 29% said they couldn't afford to hire staff with the skills they need to adequately secure their organizations.

As a result, 72% agreed that reducing security personnel significantly increases the risk of a breach in their organizations.

Crucially, it's a shortage of skilled personnel, rather than mere numbers, that's really giving security professionals headaches. Nearly nine-in-ten said they'd experienced at least one significant cybersecurity-related consequence in their organization because of skills shortages, while 69% said they'd experienced more than one.

An overwhelming 95% of respondents said they had at least one skill need - up 5% from 2024 - and 59% cited critical or significant skills needs, up 15% from last year.

“A shift is happening. This year’s data makes it clear that the most pressing concern for cybersecurity teams isn’t headcount but skills,” said ISC2 acting CEO and CFO Debra Taylor.

“Skills deficits raise cybersecurity risk levels and challenge business resilience.”

AI is a big opportunity for cyber teams

Notably, Taylor said the increased adoption of technologies such as generative AI is welcomed by cybersecurity workers. Nearly three-quarters (73%) said AI will create more specialized cybersecurity skills while 72% said the technology will create the need for more strategic cybersecurity mindsets.

Two-thirds, meanwhile, said AI will require broader skillsets across the workforce.

At present, around 28% of respondents have integrated AI tools into their operations, with 69% engaged in some sort of adoption process: integration, active testing, or early evaluation.

Demand for AI-related cybersecurity skills is also growing, ISC2 found, remaining among the top skills for the second consecutive year.

This year, 41% of respondents cited AI as a top skill needed followed by cloud security at 36%.

Nearly half of respondents said they were already working to gain more generalized AI knowledge and skills, while 35% are educating themselves on AI solutions at risk to better understand vulnerabilities and exploits.

All of this is leading to more confidence, with 87% believing there will always be a need for cybersecurity professionals and 81% confident the profession will remain strong.

"Many cybersecurity professionals view AI as an opportunity for career advancement," said Taylor. "They are using AI tools to automate tasks, and they are investing their time to learn more and demonstrate their expertise in using and securing AI systems."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• Cybersecurity skills: Addressing gaps and challenges in 2025
• The cybersecurity skills your business needs
• Cyber skills shortages are pushing firms into dangerous shortcuts