ISACA’s State of Cybersecurity 2025 report reveals a profession at a crossroads, with mounting stress, an aging workforce, and shifting priorities creating new challenges for the industry.
The Aging Workforce Crisis
One of the most concerning findings is the graying of cybersecurity professionals. The largest group of survey respondents (35%) is between 45 and 54 years old, while the number of younger workers under 35 has declined slightly. With many experienced professionals nearing retirement and fewer young people entering the field, organizations may soon face a critical talent shortage. Only half of the respondents manage staff with less than three years of experience, raising questions about who will replace retiring managers.
Stress Levels Remain High
Despite being in high demand, cybersecurity professionals are experiencing burnout. Sixty-six percent report that their roles are more stressful now than they were five years ago. The main culprit? An increasingly complex threat landscape, though fewer professionals cited this as a problem compared to last year (63% versus 81%). High stress levels are pushing people to leave their jobs, yet surprisingly, one-quarter of organizations aren’t taking any steps to address burnout.
Adaptability Tops the Wishlist
When hiring, employers now value adaptability above all else—61% say it’s essential. This marks a shift from previous years when hands-on experience was king. The importance of prior cybersecurity experience has decreased significantly, from 73% to 60%, indicating that employers are looking for professionals who can adapt quickly in a rapidly changing environment.
Soft Skills Are the Biggest Gap
The report identifies soft skills as the most significant deficiency among cybersecurity professionals, with a notable increase from 51% to 59% in just one year. Critical thinking, communication, and problem-solving are among the most essential skills. This gap may explain why boards sometimes fail to prioritize cybersecurity adequately—professionals struggle to communicate their value to non-technical leadership effectively.
Budget Pessimism Grows
Only 41% of respondents believe their cybersecurity budgets will increase in the next year, down from 47% in the previous year. Meanwhile, 18% expect cuts—a significant jump from 13% last year. This budget uncertainty, combined with declining employer benefits like certification fee reimbursement (down from 65% to 54%), paints a challenging picture.
AI Adoption Increases
On a positive note, organizations are increasingly using AI for security operations, particularly for automating threat detection and endpoint security. More importantly, 47% of cybersecurity professionals are now involved in developing AI policies, up from 35% last year, indicating a more secure and responsible approach to AI implementation ahead.
