17 December 2025

The findings highlight that staffing risks remain deeply entrenched, even as financial pressures begin to ease. Although 2024 saw widespread layoffs, hiring freezes, and budget reductions, there are early signs of stabilisation, with layoffs decreasing slightly to 24%. However, ISC2 warns that easing budget constraints do not mean organisations are out of danger, as ongoing funding limitations continue to hinder security teams and exacerbate staffing challenges.

A significant portion of organisations — 33% — still report insufficient resources to adequately staff cybersecurity teams, while 29% say they cannot afford to hire specialists with the necessary skills to effectively protect their businesses. The impact of staffing shortages is already apparent, with 72% of respondents agreeing that reducing security personnel heightens the risk of a cyber breach. More concerning is that the shortage of skilled professionals, rather than overall headcount, is now the primary driver of cybersecurity risk. Nearly nine in ten organisations have experienced at least one major security incident related to skills gaps, with 69% reporting multiple such events.

Andy Ward, SVP International at Absolute Security, emphasised the critical importance of closing the skills gap. He noted that 59% of CISOs now see cyber threats as the most significant danger facing the UK, surpassing risks from AI and other sources, amid a reported 50% increase in high-severity attacks over the past year. Ward stressed that cyber resilience depends on building a strong security team, as cyber-attacks are increasingly seen as a matter of when, not if.

Debra Taylor, acting CEO and CFO of ISC2, pointed out that the most urgent concern for cybersecurity teams is shifting from headcount to skills. She highlighted AI as both a challenge and an opportunity for the sector, with nearly three-quarters (73%) of respondents believing AI will create more specialised cybersecurity roles, and 72% expecting it to boost demand for strategic cyber leadership. Two-thirds also anticipate the need for broader skillsets across the workforce to manage AI-related vulnerabilities.

Currently, 28% of organisations have integrated AI tools into their security operations, with 69% testing, evaluating, or implementing AI solutions. Demand for AI security expertise continues to grow, with 41% citing AI as a top skills priority — second only to cloud security at 36%. Nearly half of cybersecurity professionals are actively developing AI knowledge, while 35% are training specifically to understand vulnerabilities and exploits related to AI.

Despite ongoing challenges, confidence in the sector remains high. About 87% of respondents believe there will always be a need for cybersecurity professionals, and 81% remain optimistic about the sector’s long-term resilience.