Main image of article AI Alone Won't Solve Cybersecurity's Skills Gap

For decades, the cybersecurity industry has struggled with high stress and burnout among security professionals. The very nature of the work – assessing risk, countering threats, keeping ahead of vulnerabilities, ensuring personal and corporate data is safe – can weigh on CISOs, senior leaders and staff.

The last several years have been especially troublesome for the industry thanks to the growing interest in artificial intelligence, which has the promise of reducing issues like alert fatigue while automating more mundane processes.

These technological advances, however, have failed to reassure cybersecurity professionals. A recent survey conducted by the Information Systems Security Association (ISSA) and Omdia finds that while 83 percent of organizations are currently using or planning to adopt AI for cybersecurity, 68 percent of cyber pros report that their jobs have become more difficult over the last 24 months.

The researchers also found that the cybersecurity skills gap affects three in four organizations. The lack of cyber skills can lead to additional stress, with 44 percent of respondents reporting that their teams are redirected to incident response, while 42 percent report they now carry a greater workload. Another 37 percent report higher burnout and attrition.

The ISSA and Omdia survey, based on responses from 380 IT and cybersecurity professionals collected between January and February 2026, also found that a quarter of respondents reported that while their organizations have increased AI spending, these investments lack a defined strategy connecting these technologies to their people or security programs.

"AI will not close the cybersecurity skills gap on its own," Melinda Marks, practice director for cybersecurity at Omdia and the studys’ lead researcher, noted in a statement accompanying the report. "Organizations getting the most from their security programs need to invest in their people first. Training, inclusion and clear career paths are not soft benefits. They are what makes everything else work."

Other industry experts also noted that AI and the skill sets organizations are now searching for are altering the cybersecurity industry and leading to the stress identified in the ISSA research. It’s also affecting hiring and how CISOs and other security leaders manage their teams, said Robb Reck, the chief information, trust and security officer at Pax8.

“AI isn't replacing cybersecurity professionals this year - it's augmenting them. However, CISOs may still be hesitant to hire. Many organizations are slowing hiring while they wait to see how AI agents will actually perform,” Reck noted. “The candidates who are getting hired? It’s the candidates who lead with an AI-first mindset and can articulate how they'll drive transformation, not just use the tools. Security professionals who treat AI as something that will amplify their work, rather than threaten it, are the ones landing roles.”

SUBHEAD: AI and the Cybersecurity Skills Gap

While AI has not closed the cybersecurity skills gap, the ISSA and Omdia survey shows that these virtual chatbots and other platforms are in widespread use across security organizations. Respondents noted that the top uses for AI include:

  • Automating scanning and testing (50 percent)
  • Predictive risk analysis (48 percent)
  • Threat detection (38 percent)

The increasing use of AI for these types of tasks is changing how cybersecurity organizations hire and which skill sets recruiters and department leaders need, as other studies have shown. This can also affect the attitudes cyber pros have toward their work and how their leadership responds, said Diana Kelley, CISO at Noma Security.

“We're seeing a clear move toward more senior hiring in cybersecurity. AI is accelerating the shift, but it's not the only driver. Budget pressure and a growing expectation that candidates arrive job-ready are pushing employers to hire fewer, more experienced practitioners,” Kelley added. “Organizations don’t need a handful of AI security experts. They need enterprise security teams that can ask the right questions and deploy the right controls to ensure that when AI shows up, it can be adopted quickly without introducing unnecessary risk.”

Ram Varadarajan, CEO at Acalvio, pointed out that many organizations are concerned about the increasing speed of AI-powered threats and are responding accordingly. In turn, vulnerable organizations need a cybersecurity staff that possesses specific skills. Right now, AI-related cybersecurity skills and knowledge are among the most in-demand.

“Security teams can no longer rely on humans doing everything by hand. The model has to change to allow humans to direct AI-driven workflows, just as hackers do. It's fated to be a bot-on-bot duel forever. Teams should start small. Pick a few high-impact workflows where AI provides scale and speed, and humans supply judgment and oversight,” Varadarajan said. “Assume a machine-speed AI-augmented attacker or autonomous AI attack, and defend with machine-speed AI that leverages the adversarial AI's own vulnerabilities.”

SUBHEAD: What Cyber Pros and CISOs Are Looking For

The ISSA and Omdia survey shows that cyber professionals are more satisfied when they feel leadership is driving the cybersecurity strategy. Researchers found that 39 percent of respondents cited the leadership team’s commitment to strong cybersecurity as the No. 1 factor in job satisfaction.

Competitive compensation ranked second at 35 percent.

Cybersecurity professionals also noted that professional development and the ability to work on certifications can help with career advancement and overall job satisfaction. Petri Kuivala, CISO advisor at Hoxhunt, noted that while certifications are good to have and strive for, they need to be part of an overall career-development strategy.

“Certifications fit into a longer-term path as building blocks, not endpoints. They help you structure your learning as you go deeper into areas like identity, cloud, or application security. But what hiring managers are really looking for is a track record,” Kuivala added. “Can you communicate clearly, work across teams and show how you’ve used tools, including AI, to improve your thinking and efficiency? That combination matters much more than any single certification.”

Beyond career development, the survey found that leadership support also plays a significant role in job satisfaction.

At the same time, CISOs themselves rank leadership (37 percent) or business (22 percent) skills as the most important skills, with communication skills also ranking high. The survey also noted that these cyber leaders face pressure from issues such as implementing new technologies and assessing risk, which can weigh on their jobs and their team’s performance.

“Mental health strain in cybersecurity is worsening, and CISOs are carrying the heaviest emotional load. While empathy and emotional intelligence are essential leadership traits today, CISOs cannot become full-time therapists,” Heath Renfrow, co-founder and CISO at Fenix24. “Boards and CEOs must begin treating cyber burnout as a strategic risk, not a personal failing. Moving forward, we’ll see formal wellness support built into security programs, including mandatory downtime post-incident, rotation-based on-call models, and executive mental-health resources.”

Noma Security’s Kelley added that the mounting responsibilities placed on CISOs over the last several years can also affect their teams, particularly as organizations adopt AI.

“CISOs are tasked with improving organizational resilience while managing more assets, platforms and threats,” Kelley noted. “Some of the contributing factors to the workload increase are responsibility increasing faster than authority, with some boards holding CISOs personally accountable for regulatory failures while budgets remain flat for nearly half of security leaders.”