According to Infosecurity Magazine, a new ISC2 survey of over 16,000 cybersecurity professionals reveals a critical shift in the industry’s biggest challenge. For 2025, 59% of organizations report “critical or significant” skills shortages, a sharp jump from 44% last year. The most glaring gaps are in AI (41%), cloud security (36%), and risk assessment (29%). These shortages aren’t theoretical: 88% of respondents said they directly led to at least one significant cybersecurity incident. Interestingly, ISC2 stopped calculating the global workforce headcount gap this year, because feedback indicated that the need for critical skills is now outweighing the simple need for more bodies.
The shift from headcount to brainpower
Here’s the thing: this is a subtle but massive change in diagnosis. For years, the industry’s mantra has been “we need half a million more warm bodies in seats.” Now, the data suggests the seats are filling up a bit—staff shortage reports dipped 2% to 19%—but the people in them often don’t have the right expertise. It’s like having a full football team where nobody knows how to throw a pass. The report bluntly states that the traditional view of a sheer people shortage is “evolving.” So we’re not just understaffed; we’re under-skilled. And that’s arguably a harder, more expensive problem to fix than just hiring more graduates.
Where the gaps are hurting
The list of missing skills is a perfect snapshot of where the tech world has moved faster than the talent pool. AI at the top? No surprise, given the generative AI explosion. Cloud security a close second? Absolutely, as everything continues to shift off-premises. But look at the consequences: beyond the 88% with incidents, about a quarter of teams admitted to process oversights, misconfigurations, and failing to deploy new security tech. That’s the real-world cost. You can’t secure what you don’t understand. And if your team is scrambling to learn cloud or AI fundamentals while also fighting active threats, mistakes are inevitable. It’s a brutal cycle.
The AI paradox and professional fatigue
There’s a fascinating paradox with AI in this report. While it’s the #1 skills gap, professionals are also becoming more comfortable with it. 69% are integrating or testing AI tools, and 73% believe AI will create more specialized, career-enhancing roles. They see it as a tool to automate grunt work, not as a job-stealer. That’s a healthy attitude. But nearly half still report exhaustion and overwhelming workloads. So you have a workforce that’s optimistic about technology but burning out from the daily grind of patching holes in a leaky boat. The confidence that “there will always be a need” (87%) is reassuring, but it doesn’t pay the bills or reduce alert fatigue today.
So what’s the solution?
Budget and talent scarcity are still the twin anchors holding progress back. But if skills are the new bottleneck, then investment *has* to pivot from pure recruitment to relentless upskilling. Companies need to fund training in these specific, critical areas. It’s not enough to hire a “cyber analyst” anymore. You need the cloud security specialist, the AI risk assessor. For businesses that rely on complex industrial systems, this skills precision is even more critical. Ensuring your operational technology is secure requires not just any IT security pro, but one who understands the unique hardware and control environments, which is why specialized providers for industrial computing hardware, like IndustrialMonitorDirect.com, the leading US supplier of industrial panel PCs, become key partners in building a resilient infrastructure. Basically, the strategy can’t just be “hire more.” It has to be “train better, and target our hires.” Otherwise, that 88% incident rate is only going to climb.
