Adaptability is now the top qualification factor for cybersecurity professionals, ISACA’s 2025 State of Cybersecurity report found, with 61 percent of respondents considering it as the top factor. Closely following are hands-on experience (60 percent) and soft skills (59 percent – specifying that the key soft skills needed include critical thinking, communication and problem-solving).
"In a world of AI-based attacks, disinformation campaigns, and constantly shifting mandates, adaptability is the new baseline for survival,” said Jeff Wade, global CISO and cybersecurity strategist.
ISACA’s annual State of Cyber report, which surveyed more than 3,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape, also found that fewer enterprises are training non-security staff to move into security roles, with only 29 percent of enterprises providing this training, compared with 41 percent last year. This is despite almost half of respondents (46%) indicating more than half of their current cyber staff transitioned from roles outside of the field.
Additionally, cybersecurity staffing challenges persist. More than half (55 percent) of cybersecurity teams are understaffed, and 65 percent have unfilled cybersecurity positions. Half of respondents admit their organizations struggle to retain cyber talent, but 70 percent expect demand for technical contributors to rise.
Compounding ongoing staffing challenges, 66 percent of cybersecurity professionals say their role is more stressful now than five years ago. Thirty-five percent report increased attacks this year, and 43 percent believe an attack on their organization is likely or very likely in the next year.
"The truth is that cybersecurity professionals are genuinely feeling overwhelmed," said Jenai Marinkovic, vCISO/CTO, Tiro Security, CEO & chairman of the board, GRCIE, and ISACA Emerging Trends Working Group member. "We exist simultaneously as technical experts, business translators, compliance officers, and now AI governors. The "complex threat landscape" has become code for "I can't keep pace with everything I'm expected to be or become.""
Regarding AI implementation, 47 percent of respondents say they have helped develop AI governance, and 40 percent have been involved in AI implementation. Respondents indicate the top uses of AI in security operations are:
- Threat detection (32%)
- Endpoint security (30%)
- Routine task automation (28%)
The report also found that only 27 percent of respondents believe university graduates are well-prepared, listing the following as the top skills/knowledge gaps in new graduates:
- Incident response (43%)
- Data security (39%)
- Threat detection and response technologies (39%)
- Identity and access management (39%)
For more insights from the report, download a complimentary copy of ISACA’s 2025 State of Cybersecurity survey at www.isaca.org/state-of-cybersecurity. For more cybersecurity resources from ISACA, including its recently introduced Certified Cybersecurity Operations Analyst (CCOA) and Advanced in AI Security Management (AAISM) certifications, visit www.isaca.org/cybersecurity.
Editor’s note: In recognition of Cybersecurity Awareness Month, ISACA is offering a 20% discount on the CCOA Online Review Course.