New ISACA Study Reveals Rising Job Stress in Cybersecurity Teams

cybersecurity workforce ISACA study 2025 staffing challenges AI in cybersecurity cybersecurity skills gap
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
September 29, 2025 3 min read

New ISACA Study: Cybersecurity Workforce Challenges

ISACA’s State of Cybersecurity 2025 survey report reveals that 70 percent of security professionals expect the demand for technical cybersecurity professionals to rise in the next year. Despite this, 55 percent of cybersecurity teams are understaffed, and 65 percent have unfilled cybersecurity positions. Only 29 percent of enterprises are providing training for non-security staff to transition into security roles, a decrease from 41 percent last year. This is concerning as 46 percent of respondents noted that many staff had previously transitioned from other fields. For more details, visit ISACA.

Staffing and Resource Challenges

The survey indicates a high demand for technical cybersecurity professionals, but hiring and retention challenges remain significant. 38 percent report it takes three to six months to fill entry-level roles, and 39 percent report similar delays for non-entry-level roles. Additionally, half of the organizations struggle to retain cyber talent. The financial outlook is mixed, with 53 percent indicating budgets are underfunded, but only 41 percent expect budget increases. For insights on improving hiring practices, refer to ISACA Cybersecurity Resources.

Skills Gap and AI Involvement

In the evolving cybersecurity landscape, adaptability (61 percent) and prior cybersecurity experience (60 percent) are the top qualifications sought. Notably, 59 percent of respondents identified soft skills as a significant skills gap, with critical thinking (57 percent), communication (56 percent), and problem-solving (47 percent) being the most crucial. As cybersecurity teams increasingly adopt AI, 47 percent have contributed to AI governance, and 40 percent have been involved in its implementation, primarily in areas like threat detection and routine task automation. More on AI's role in cybersecurity can be found at TechRepublic.

Complex Threat Landscape and Job Stress

The report highlights a complex threat landscape, primarily characterized by social engineering attacks (44 percent), followed by exploited vulnerabilities (37 percent) and malware (26 percent). Despite this awareness, only 41 percent are confident in their incident response capabilities. Stress levels are on the rise, with 66 percent of cybersecurity professionals expressing that their roles are more stressful than five years ago, largely due to the complex threat environment. For a deeper understanding of workplace stress factors, check out ISACA's findings.

Cybersecurity in Europe

Nearly Two-thirds of Cybersecurity Pros Say Job Stress Is Growing, According to New ISACA Research
In Europe, nearly 39 percent of IT and cybersecurity professionals report an increase in cyberattacks compared to the previous year. However, confidence in readiness remains low, with only 38 percent feeling fully confident in their organizations' detection and response capabilities. This situation is compounded by 65 percent citing the complex threat landscape as a significant stressor. For further details on the European cybersecurity outlook, consult the Datamation article.

Budget and Staffing Issues

Despite some improvements, 58 percent of organizations still report being understaffed, and 54 percent say their cybersecurity budgets are underfunded. The slow progress in staffing and funding fails to align with the escalating cyber risks. 68 percent of professionals feel their jobs are more stressful than five years ago, with many citing unrealistic workloads and insufficient training as contributing factors. For more insights into the stress and hiring challenges in cybersecurity, read the full report on ISACA's website.

Retention and AI Integration

The retention of cybersecurity professionals remains a challenge, with 52 percent of organizations struggling to keep qualified staff. The integration of AI into cybersecurity is accelerating, with 51 percent of teams contributing to AI governance. AI is being utilized for threat detection (29 percent) and endpoint security (28 percent). As legislative measures like the EU AI Act advance, the urgency for stronger AI security regulation and continuous training is evident. Explore more about AI's implications in cybersecurity at ISACA and TechRepublic.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

React2Shell Vulnerability CVE-2025-55182: Exploitation Threats and Trends
React2Shell vulnerability

React2Shell Vulnerability CVE-2025-55182: Exploitation Threats and Trends

Critical React2Shell RCE vulnerability exploited by threat actors. Learn about attacker techniques, observed payloads like crypto miners, and how to protect your systems. Read now!

By Divyansh Ingle December 12, 2025 8 min read
Read full article
WinRAR CVE-2025-6218 Vulnerability Under Active Attack by Threat Groups
WinRAR vulnerability

WinRAR CVE-2025-6218 Vulnerability Under Active Attack by Threat Groups

CISA flags WinRAR CVE-2025-6218 as actively exploited. Learn about this path traversal flaw and how to protect your systems. Update now!

By Jim Gagnard December 11, 2025 3 min read
Read full article
Malicious VSCode Extensions Launch Multi-Stage Attacks and Infostealers
malicious VSCode extensions

Malicious VSCode Extensions Launch Multi-Stage Attacks and Infostealers

Beware of malicious VSCode extensions & device code phishing scams. Learn how these attacks steal credentials, capture screens, and hijack sessions. Protect yourself now!

By Alan V Gutnov December 10, 2025 6 min read
Read full article
PRC State-Sponsored BRICKSTORM Malware Targets Critical Infrastructure
BRICKSTORM malware

PRC State-Sponsored BRICKSTORM Malware Targets Critical Infrastructure

Discover how PRC state actors are using BRICKSTORM malware to gain persistent access via VMware. Learn about its advanced evasion techniques and how to defend your systems. Read now!

By Divyansh Ingle December 9, 2025 3 min read
Read full article