27 April 2026

ISC2, the non-profit member organisation for cybersecurity professionals, has published UK data from its latest ISC2 Cybersecurity Workforce Study revealing that while UK cybersecurity teams are rapidly embracing AI tools, they do not yet have the AI skills needed to safely deploy or defend against a surge in AI powered threats.

As AI becomes central to cyber defence strategies, UK professionals report that demand for AI related expertise is outpacing their ability to keep up, creating a widening divide between ambition and preparedness.

The study gathered responses from over 950 UK cybersecurity professionals who participated in the latest study.

A growing disconnect between AI adoption and workforce readiness

After several years of budget cuts, cybersecurity teams across the UK are beginning to see the first signs of stabilisation. Yet despite financial pressures levelling off, the top driver behind continued skills shortages is the lack of budget to hire (28%). This comes at a time when adoption of AI security tools is accelerating.

Almost three quarters (74%) of UK cybersecurity teams are already using, testing or evaluating AI driven security tools. However, the workforce is not sufficiently equipped with the skills to support this rapid shift, with AI (42%) being the most pressing skills need cited by respondents.

This rapid uptake of AI tools reflects growing confidence in the technology’s ability to strengthen day-to-day security operations. UK organisations are enthusiastic about the potential of AI to strengthen their networking monitoring (38%), security operations (34%) and threat modelling (30%). However, the workforce has not yet fully developed the AI knowledge required to operate, manage and secure these systems effectively.

Key UK findings from the research include:

• 95% of organisations say they have at least one area where employees require additional skills - up from 91% in 2024.
• AI is lifting productivity as 70% say their efficiency improved once AI tools were introduced.
• AI enabled threats are rising sharply:
• 43% faced AI powered social engineering
• 29% experienced data leakage
• 23% suspect AI ‑powered attacks
• 26% reported AI related breaches

While AI adoption is high across all sectors, smaller organisations were the most likely to report multiple (67%) AI related security incidents, highlighting the uneven distribution of specialised expertise.

Strengthening the UK’s cyber readiness

For AI to genuinely reinforce the UK’s cyber resilience, organisations will need to invest not only in new technologies but in the people responsible for operating and safeguarding them. This means focusing on developing AI related capabilities within existing teams, particularly as many organisations continue to face hiring constraints.

Strengthening cloud and AI literacy, improving access to training, and creating clear pathways for internal development will be essential as AI becomes embedded across security operations. Prioritising upskilling over external recruitment will help organisations build long‑term resilience, especially when specialist talent is difficult or costly to hire.

At the same time, leadership teams must ensure that AI-aware planning is built into their broader security strategy, anticipating both the opportunities AI can offer and the evolving threats it introduces. A clear leadership focus on cybersecurity, combined with ongoing investment in people and skills, will ensure teams remain ready to protect and defend as AI continues to transform the security landscape.

Methodology

The 2025 ISC2 Cybersecurity Workforce Study is based on online survey data collected in July and August 2025 from 16,029 individuals responsible for cybersecurity at workplaces throughout North America; Latin America; the Asia-Pacific region; and Europe, the Middle East and Africa. Respondents in non-English-speaking countries completed a locally translated version of the survey. 954 cybersecurity professionals from the UK were surveyed.