The State of the 2025 Cyber Workforce: Skills Gaps, AI Opportunity and Economic Strain

Over the past few years, I have learned quite a bit about the cyber workforce from the annual ISC2 workforce development report. For example, last year I analyzed the ISC2 report in this blog, but significant changes have developed over the past 12 months.

The key takeaway from the 2025 data reveals how staff and budget cuts are increasing perceived security risk, while rapid AI adoption is reshaping skills requirements and creating new career opportunities.

Tara Wisniewski, executive vice president of advocacy, global markets and member engagement for ISC2, commented on the report, “This year’s record survey of more than sixteen thousand professionals shows that skills matter more than ever. Eighty-eight percent have already seen skills needs lead to real consequences, underscoring the importance of investing in people so organizations can adapt as risks evolve.

“Professionals value development, cross-training, and simply feeling heard. They are also leaning into AI, with 70 percent pursuing AI qualifications and most expecting it to create more strategic and communication-focused roles. Cybersecurity has always been about people, and supporting their growth is the surest way to strengthen resilience in the cyber profession.”

WORKFORCE KEY FINDINGS

Readers can access the report at the ISC2 website here.

Here are some of the report highlights worth mentioning, along with a sample of the data charts (which are used with permission of ISC2). As always, I urge you to visit their website to view the full report and additional details.

“Economic uncertainty continues to weigh heavily on cybersecurity teams — The surge in hiring freezes, layoffs, budget cuts and promotions reported in 2024 shows signs of stabilizing in 2025. Figures are beginning to level off rather than significantly diminishing, intimating the economic drivers that are forcing caution on spending to remain, adding pressure on existing cybersecurity teams. Many in the cybersecurity workforce are worried that economic austerity will harm the security resilience of the organizations in which they work.

“Skills and staff shortages are raising cybersecurity risk levels and challenging business resilience — The economic and budget issues that have held back or diminished hiring and investment in skills have also contributed to knowledge and competency deficits within organizations and their cybersecurity teams. Organizations must find ways to widen their skills base and talent pools — including investing in existing personnel through multiskilling and skills investment — despite budgetary constraints, to bolster cybersecurity capability and meet demand.

“AI has shaken up the cybersecurity workforce, but positivity remains high as professionals foresee career opportunities — AI is redefining both cybercrime and cybersecurity. However, far from being daunted, those within the cybersecurity workforce who are actively using AI tools are positive about the current and future impact of the technology, seeing opportunities for skills development, along with the creation of more and new jobs. They continue to see a symbiotic future where AI enhances the cybersecurity working experience rather than replacing skilled personnel.

“Job satisfaction is positive in the face of extensive disruption, but warning signs exist for team leaders and employers — Workers remain passionate and fulfilled by their career choice, but do not necessarily feel the same about their wider organizations. Employers and hiring managers need to ensure that cybersecurity professionals feel seen and heard, and that they have access to opportunities to advance in their careers and knowledge to remain relevant. Retention may become a challenge when the job market improves.”

DIGGING DEEPER INTO THE DATA

I found these charts to be especially intriguing regarding cybersecurity cutbacks and layoffs. The fact that smaller organizations fared better than larger organizations is significant, in my opinion.
Focusing on industries that received the most and least cybersecurity layoffs was also fascinating, with education near the bottom of the list along with nonprofits, whereas IT cloud hosting services showed many more layoffs.
When focusing on budget cuts in cybersecurity, as I mentioned a few weeks ago, we have a very mixed picture across the country in state and local governments.

On the one hand, this ISC2 data shows that governments (non-military) are near the top of the list of industries impacted by cuts, and yet that trend varies from state to state based on their overall state budget situations.
Where are cybersecurity skills needed most? I found this list to be especially helpful, with clarity around the needs for AI skills in cybersecurity.

FINAL THOUGHTS

I was able to speak at a workforce development cyber workshop in early November at North Carolina A&T State University, which is a part of the Carolina Cyber Network. The panel of public- and private-sector industry experts made great points, and they focused on the need for partnerships, collaboration, internships, mentorships and gaining work experience while in school.

What was clear is that there has been a shift in the job market over the past 12 months, and the successful job seekers are those people who are relentless in their pursuit of finding the intersection of business need, skill sets (including experience) and personal passion.

Also keep in mind that demonstrating interpersonal communication skills is a big part of the interview process for most organizations, and this relationship aspect was highlighted as essential by most of the experts who presented at the workshop.