■ Omdia & ISSA | 380 Global Respondents | Volume VIII
New Study Shows 83% of Organizations Are Adopting AI for Cybersecurity, But Cyber Pros Say the Job Has Become Harder
The Life and Times of Cybersecurity Professionals, Volume VIII — the longest-running annual study of its kind — finds that as attackers leverage AI to scale attacks and organizations pour resources into AI-powered security tools, the professionals responsible for using them are burning out, being left out of decisions, and thinking about leaving the field.
About the research
Eight consecutive years. One consistent message.
The Life and Times of Cybersecurity Professionals, Volume VIII is based on a survey of 380 IT and cybersecurity professionals from ISSA’s global member list, conducted by Omdia. This is the eighth consecutive annual edition — dating to 2016 — making it one of the most credible longitudinal workforce studies in the cybersecurity industry.
Beyond illustrating challenges, this year’s edition highlights specific areas where cybersecurity professionals suggest ways their organizations can alleviate burdens on practitioners — including through AI adoption — while simultaneously strengthening defenses and reducing risk.
Certifications, training, and networking advance careers
Top career advice from practitioners: get certified, network through professional organizations, and seek apprenticeship or mentorship.
Job stress is the #1 driver of attrition
53% cite high job stress as the primary reason they would leave the profession. Only 2% say they feel no job stress at all.
Leadership commitment outranks salary
39% say leadership commitment to strong cybersecurity is the top driver of job satisfaction — above compensation, career advancement, or technology investment.
The CISO role is evolving rapidly
Full-time CISO appointments fell from 76% to 63% in one year. Virtual CISOs tripled. 37% say leadership skills matter most — only 13% say technical skills.
Skills shortage affects 75% of organizations
44% of teams redirected to incident response, 42% carry increased workloads, 37% have seen higher burnout and attrition. The gap degrades security outcomes.
Mentorship is essential for career entry
54% say seeking an apprenticeship, internship, or mentor is among the most valuable steps for anyone entering the field — the #3 piece of career advice given.
Data from the study
What the data shows
What our spokespeople say
Voices from the profession
Eight years of data point to the same conclusion. The cybersecurity profession is struggling not because talent is scarce, but because organizations are not investing enough in developing and retaining the people they already have. That is the leadership opportunity in front of us right now.
AI will not close the cybersecurity skills gap on its own. The organizations getting the most from their security programs are the ones that invest in their people first. Training, inclusion, and clear career paths are not soft benefits. They are what makes everything else work.
What sustains people in this profession long-term is connection. Access to peers who understand the work, mentors who have navigated the same challenges, and a community where your development is taken seriously. That is what professional associations exist to provide, and it is something no AI tool replaces.
Study highlights
Five findings every security leader needs to know
Full-time CISOs are declining — virtual CISOs are filling the gap
CISO appointments fell from 76% to 63% of organizations in a single year, while virtual CISOs tripled from 5% to 16%. 37% of practitioners say leadership skills matter most in a security leader — only 13% say technical skills. The CISO of 2026 is a business executive first.
Three-quarters of organizations feel the cybersecurity skills shortage
And the operational effects are real: 44% of security teams diverted from strategic work to incident response, 42% carry increased workloads, and 37% have seen higher burnout and attrition. The gap is not just a headcount problem — it degrades security outcomes.
Leadership commitment is the top driver of job satisfaction — not salary
39% cite the leadership team’s commitment to strong cybersecurity as the #1 factor in job satisfaction. Competitive compensation ranked second at 35%. When organizations show up for their security teams culturally, retention improves — consistent across eight years of data.
Practitioners say mentorship and apprenticeship are essential for career entry
54% say seeking an apprenticeship, internship, or mentor is among the most valuable steps for anyone entering the field — the #3 piece of career advice. ISSA’s AIM committee — Apprenticeship, Internship & Mentorship — is building the infrastructure to make that guidance real.
Only 29% rate their organization’s cybersecurity culture as advanced
Half say average. 19% say fair. Organizations with advanced cultures share a consistent profile: security teams are included in technology decisions, practitioners have executive access, and cybersecurity is a shared responsibility — not just an IT function.
AI and the cybersecurity workforce
AI is accelerating. The people challenge is accelerating faster.
83% of organizations are using or planning to adopt AI for cybersecurity. The use cases are real and practical — automated scanning and testing, predictive risk analysis, and threat detection lead adoption. AI is a genuine force multiplier for stretched teams.
But 68% of cybersecurity professionals say the job has gotten harder over the past two years, even as AI adoption has accelerated. 25% of organizations have increased AI spending without a defined strategy connecting it to their people or their security program.
AI amplifies what skilled, supported security teams can do. It does not replace the investment in building them.
Get the full research
Read the complete study
The full ebook covers job satisfaction, the skills shortage, organizational culture, AI adoption, and the evolving CISO role. Free download — no registration required.
For four decades, ISSA has been the professional community where cybersecurity practitioners come to learn, connect, and grow — a member-driven organization focused on giving the people doing this work the resources, knowledge, and community they need to do it well. ISSA is where the cybersecurity workforce at every level and every stage of their career finds peers who understand the pressure and a global network of chapters, events, and resources built around their development.
55% of professionals in this study say attending industry events advances their careers. 41% say belonging to a professional organization does the same. Join ISSA today.
Enterprise Strategy Group, now part of Omdia, provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling. Melinda Marks serves as Practice Director, Cybersecurity.
Kesselring Communications
Leslie Kesselring • leslie@kesscomm.com