ISC2 study finds AI boosts security despite slowing cybersecurity workforce growth

ISC2 study finds AI boosts security despite slowing cybersecurity workforce growth

Cybersecurity job satisfaction declines amid tightening job market, on-going staffing and skills shortages, and challenging threat environment.

ISC2 has released the 2024 ISC2 Cybersecurity Workforce Study. The report finds that, despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at 5.5 million people (a 0.1% year-on-year increase).

This contrasts with last year when the workforce grew 8.7% year-on-year despite declining economic conditions. 

The study reveals that professionals are feeling the impact of declining investments in the cybersecurity workforce, including budget cutbacks and layoffs, affecting workforce satisfaction, the development of organisational security and the adoption of new technologies.

For the first time, participants cited ‘lack of budget’ as the top cause of their staffing shortages, replacing ‘lack of qualified talent’ as the top cause in the previous year’s research. Additionally, 74% of respondents say the threat landscape is the most challenging they have experienced in the last five years, and job satisfaction has fallen from 74% in 2022 to 66% in 2024.  

Meanwhile, 67% of respondents indicated they had a staffing shortage this year, while 90% reported skills gaps on their cybersecurity teams. More than half of those surveyed (58%) believe a shortage of skills puts their organisation at significant risk, and over one-third of respondents cited AI as the biggest skills shortfall on their teams. Professionals believe that AI and automation will have the most significant impact on their ability to secure their organisation. 

The study also measured cyber professional’s perspectives on the opportunities they see for growth. Study participants are optimistic about AI adoption and are focused on attaining the skills they need to be successful in an AI-driven workplace. 66% of study participants say AI represents career growth opportunities, while 54% say it will be helpful to their organisations’ security operations. 51% believe AI will result in certain cybersecurity skills becoming obsolete, but two-thirds are confident their expertise will complement the technology, with 80% saying their cybersecurity skill set will be more important in an AI-driven world.

“As economic conditions continue to impact workforce investment, this year’s Cybersecurity Workforce Study underscores that many organisations are putting their cyber teams under significant strain, risking burnout and attrition as job satisfaction rates fall,” said ISC2 Acting CEO and CFO Debra Taylor, CC.

“Despite these challenges, AI is viewed by professionals as a solution to strengthen their organisations’ security and create new efficiencies for their teams. They also view effectively managing risk associated with AI adoption and its strategic importance to their organisation’s future success as career growth opportunities for themselves and their peers. Organisations and cybersecurity leaders must recognise how AI can contribute to creating more resilient security teams, especially while economic challenges persist.”

Cyber professionals embracing AI

To prepare for future opportunities, 73% of respondents are building their cybersecurity skill set, 52% are focused on becoming a more strategic contributor to the organisation, and 48% are learning more AI-related skills.  

Additionally, 45% of respondents’ teams are already utilising AI in cybersecurity tools, with the top five use cases being: 

  • Augmenting common operational tasks (56%)
  • Speeding up report writing and incident reporting (49%)
  • Simplifying threat intelligence (47%) 
  • Accelerating threat hunting (43%)
  • Improving policy simulations (41%)

Other key findings include:

  • Nearly 90% of professionals said their organisation has a Gen AI use policy, but 65% say their organisation needs to implement more regulations on the safe use of Gen AI
  • Only 60% of respondents reported that their cybersecurity team is involved with creating regulations and guidelines for Gen AI
  • Lack of a clear Gen AI strategy was cited as one of the top barriers to its organisational adoption by nearly half (45%) of all participants
  • Once AI strategies are enhanced, 68% agree within the next two years, they will be able to use Gen AI effectively as part of their roles

Browse our latest issue

Intelligent CISO

View Magazine Archive