Archive for ISSA

New Study Shows 83% of Organizations Are Adopting AI for Cybersecurity, But Cyber Pros Say the Job Has Become Harder

Posted in Commentary with tags on June 16, 2026 by itnerd

The Information Systems Security Association (ISSA) and Omdia today released Volume VIII of the Life and Times of Cybersecurity Professionals, the longest-running annual study of the cybersecurity workforce. As attackers leverage AI to scale attacks and organizations invest in AI-powered security tools, the professionals using them are burning out, being left out of decisions, and thinking about leaving the field.

83% of organizations are currently using or planning to adopt AI for cybersecurity, but the data reveals a critical gap between technology investment and workforce reality:

  • Top AI use cases include automating scanning and testing (50%), predictive risk analysis (48%), and threat detection (38%).
  • 68% say the job has become harder over the past two years, even as AI adoption has accelerated.
  • 25% have increased AI spending without a defined strategy connecting it to their people or security program.
  • Beyond AI, the study examines job satisfaction, the skills shortage, organizational culture, and the evolving CISO role.

The numbers behind that verdict are consistent across every edition of the study. Close to half of respondents have thought about leaving their role in the past 18 months, and among those, 57% have considered leaving cybersecurity entirely. 71% say technology decisions get made without the security team at the table. CISO appointments fell from 76% to 63% in a single year.

39% cite leadership commitment as the top driver of job satisfaction, above compensation and technology investment. 54% say seeking an apprenticeship, internship, or mentor is among the most valuable steps for anyone entering the field.

The full ebook is available at https://issa.org/life-and-times-of-cybersecurity-professionals-volume-viii/

New research from ESG and ISSA reveals continuous struggles within cybersecurity workforce impacting 71% of organizations 

Posted in Commentary with tags , on September 6, 2023 by itnerd

New research conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) reveals the persistent struggles within the cybersecurity workforce, finding that the cybersecurity skills crisis continues unabated in a multi-year freefall that has impacted 71% of organizations and left ⅔ of cybersecurity professionals stating that the job itself has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility.

The report findings include:

·   A career in cybersecurity is becoming more difficult in an increasingly challenging environment. Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.

·   A career in cybersecurity is becoming more difficult in an increasingly challenging environment. Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.

·   Most cybersecurity professionals aren’t very satisfied with their career choices.Cybersecurity professionals face daily job stress like an overwhelming workload, working with disinterested business managers, falling behind business initiatives, and keeping up with the security needs of new IT projects. Little wonder then why less than half of security pros are very satisfied with their current jobs, and 50% of security pros claim it is very likely, likely, or somewhat likely they leave their current job this year.

·   The global cybersecurity skills shortage continues unabated. Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. Further, nearly all (95%) respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has only gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security, and security analysis and investigations. A majority of respondents (60%) believe that their organization could be doing more to mitigate the cyber skills shortage, with over one-third (36%) stating that they could be doing much more. Respondents say that their organizations could be taking steps like increasing security professional compensation, providing advanced non-monetary incentives, educating HR professionals and recruiters, and increasing their commitment to cybersecurity training as ways to better address the ongoing skills shortage.

·   CISOs must lead the charge. When asked to identify the qualities that make CISOs successful, nearly three-quarters (71%) pointed toward leadership or communications skills.  CISO effectiveness varies – 31% of respondents claim their CISO is very effective, 40% believe their CISO is effective, and 26% say their CISO is somewhat effective.

Survey respondents were also asked how their organizations could improve their overall cybersecurity programs. The top responses included increasing cybersecurity training for IT and security professionals, striving to improve the organization’s cybersecurity culture, hiring more staff, increasing the cybersecurity budget, and improving basic security hygiene and posture management.

The Life and Times of Cybersecurity Professionals (Volume 6) is available for free download on the Enterprise Strategy Group website and ISSA website