
As global cybersecurity hiring begins to stabilize after years of layoffs and frozen budgets, skills gaps loom large as one of the greatest challenges facing the cybersecurity workforce, the new annual ISC2 Cybersecurity Workforce Study found.
The annual workforce report for 2025 from the International Information System Security Certification Consortium (ISC2) is based on a survey of more than 16,000 cybersecurity professionals worldwide.
The findings mark a turning point in the ISC2 survey: For the first time, the organization declined to publish a global workforce gap estimate, citing respondents’ view that “skills shortages eclipse the impact of staff shortages alone.”
Nearly two-thirds of respondents (59%) identified critical or significant skills shortages within their teams, up from 44% in 2024. Only 5% said they face no current skills gaps.
Around one-quarter (23%) are grappling with one or more critical skills needs. That list is topped by artificial intelligence (AI) and cloud security, with 41% and 36% of respondents respectively citing them as vital.
Additional high-demand skills include risk assessment, application security, security engineering, and governance, risk and compliance.
Not all skills are in high demand, however, according to the report. Zero trust, digital forensics and incident response, and quantum computing all came in at lower numbers than in previous years.
Teams are struggling to develop or find the skills they need, the report noted, saying that “both technical and nontechnical skills are in short supply. Few respondents selected just one issue within their team.”
“A lack of people and skills also inhibits existing professionals’ abilities to adapt to the changing technology needs of the organization and the evolving threat landscape outside it,” ISC2 said.
The majority of respondents (88%) said they experienced at least one significant cybersecurity consequence because of a skills deficiency within the team or wider organization, and 69% experienced more than one.
Despite the easing of some financial pressures, budget concerns remain. Nearly one-third (29%) said they didn’t have the funds for hiring. In addition, 30% of respondents said they were unable to find people with critical skills. “Budget pressures once again illustrate a direct impact on capability and readiness within cybersecurity teams,” ISC2 said.
Professional development and training, investing in emerging technologies to supplement staffing shortages, and outsourcing work are three primary ways cybersecurity leaders are addressing skills and staff issues, ISC2 said.
Despite pressure from workloads, stagnant budgets, and ongoing economic headwinds, many cybersecurity professionals remain optimistic about their career prospects, ISC2 noted. A large majority believe demand for cyber talent will persist, and many view emerging technologies as both a challenge and an opportunity for growth.