This month’s newsletter explores one of the most pressing challenges facing organizations and businesses today: the global shortage of skilled cybersecurity professionals. We will discuss the growing impact this gap has on defense strategies and cyber resilience, and suggest strategies to solve the problem.
Despite rapid advances in AI and automation, cybersecurity still relies on workers with expertise and training. Organizations need professionals with strong technical and strategic skills who can adapt to an always evolving threat landscape. However, limited budgets, evolving technologies, and a mismatch between available talent and organizational needs continue to widen the gap.
According to the World Economic Forum, “only 14% of organizations” are confident they have the cybersecurity talent and skills that are currently required.
The cybersecurity workforce shortage is significant and growing. In fact, the global workforce is short by at least 4.7 million professionals. According to a 2025 cybersecurity skills gap report, “nearly 9 out of 10 organizations experienced a breach in 2024” and over 50% of those breaches are linked to lack of general security awareness and just not enough specialists with skills or training to fill the gap.
The issue is not just the number of workers, it’s also the type of skills needed. High-demand areas include cloud security, data security, network security, and AI and machine learning security. Without enough trained professionals, critical roles such as security analysts, incident responders, and cloud engineers remain unfilled.
Security teams are increasingly underfunded and overworked. According to Sameer Ansari, at consulting firm Protiviti, as reported in a recent issue of CSO, “CISOs are being asked to do more with less,” leading to burnout and high turnover. If workers are “always on,” and stressed, it’s hard to retain top quality workers.
Another problem, according to an article in Deep Strike, is that in 2025, for the first time, budget limitations and not talent availability are the leading cause of the skills gap.
According to CSO, there are several factors affecting the cyber skills gap. Some of them mentioned here include:
AI: AI is transforming cybersecurity while simultaneously complicating it. New tools require new skills, and threats are evolving faster than teams can adapt.
Expectations: Employers often seek “perfect” or what they perceive as “ideal” candidates with senior-level experience at salary levels that don’t match the experience, while candidates right out of school may expect high pay and specialized positions immediately after graduation. This disconnect slows effective hiring.
Training and Skills Mismatch: Traditional training often fails to align with real-world cybersecurity needs. Organizations require interdisciplinary skills combining technology, business, and policy.
The cybersecurity skills gap is no longer just an HR issue—it’s a business and national security risk as well. The global workforce stands at approximately 5.5 million, but demand exceeds 10 million. It’s a “perfect storm” of not enough people and a mismatch of critical skills. This gap in the workforce is now a strategic risk for many businesses as the average data breach is $4.88 million. According to DeepStrike, “Organizations with significant security staff shortages face data breach costs that are, on average, $1.76 million higher than their well-staffed counterparts.”
AI is a double-edged sword in cybersecurity. While it automates repetitive tasks, speeds up threat detection, and according to IBM, reduces costs by up to $1.9 million, it also creates new security vulnerabilities by broadening the attack surface. Additionally, it requires new skill sets to adapt to constantly shifting changes and it increases the workload for teams that are already overwhelmed and approaching burnout.
According to various reports, there is some hope that industry is evolving in how it defines roles and recruits’ workers to fill them. According to SC World, this shift in thinking has begun to open “doors for a diverse talent pool.” It appears that more organizations are looking at different types of IT workers or other business titles where people can gain skills through “targeted training. Many organizations today have dedicated initiatives to actively recruit minorities, women and military veterans. Military veterans and those from related fields bring invaluable traits like discipline, sharp problem-solving, and leadership—qualities that seamlessly translate to cyber defense.”
Addressing the cybersecurity skills gap will require a multi-faceted approach with a coordinated action involving people, processes, technology, and organizational leadership teams. Companies are going to have to build and retain talent by investing in upskilling and certifications, creating clear career pathways, and addressing burnout through better workload management and expectations.
For example, in CSO Online, Sameer Ansari from Protiviti mentioned that he’s encountering a growing number of CISOs who “are looking internally to fill security roles, seeing if they can retrain software engineers, for example, to gain additional cybersecurity skills to fill-in talent gaps.”
Companies will also have to look at hiring practices which will need to focus on skills, not just degrees. They will also have to look at expanding entry level opportunities for people in unrelated fields, people changing jobs or reentering the workforce. Part of this stretching the available talent pipeline will come by recruiting workers from diverse backgrounds and partnering with educational institutions and encouraging cybersecurity to be taught sooner in educational institutions.
Finally, they are going to have to leverage technology by using AI and automation to reduce workload and prevent burnout, simplifying security operations, and improving efficiency and scalability.
For job seekers and professionals seeking employment in cybersecurity, the skills gap represents a major opportunity. Those interested in these roles can obtain certifications, get hands-on experience, focus on high-need areas like AI and cloud security, and commit to continuous learning on the job through structured upskilling programs. This will help bridge the gap between theory and real-world application.
The cybersecurity skills gap has evolved into a complex, multi-dimensional crisis driven by rapid technological change, economic pressures, and misaligned talent strategies. Solving it will require a fundamental shift and organizations that invest in people, embrace new hiring models, and leverage technology strategically will be best positioned to close the gap and strengthen their defenses.
At CYRIN we understand that continuing innovation is needed as the marketplace continues to change. That’s why we stress continuing education and training, because the job is never done. We continue to work with our industry partners to address major challenges and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce. In an increasingly digitized world, training and experiential training are critical. A full-blown cyberattack is not something you can prepare for after it hits.
As this newsletter indicates, the best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including our new “mini labs,” AI, and Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!