Artificial intelligence’s influence on cybersecurity continues to increase as more companies invest in these platforms. A report released on Oct. 8 from Sapio Research and Fortinet found that a large majority – 97 percent – of global enterprises use or plan to deploy security tools that leverage some type of AI.
While AI – whether it's generative AI, agentic AI, or another variation – is having a significant effect on enterprise decision-making and cybersecurity strategy, the research also found that executives are concerned about how cybercriminals can exploit AI against their organizations.
This has led many executives to question whether their cyber teams have the skill sets to properly implement these AI platforms and ensure that they are operating effectively. The survey noted that about half of those surveyed – 48 percent – reported that a lack of staff with sufficient AI expertise remains the biggest challenge for these decision makers when it comes to deploying AI in cybersecurity.
“Asked what they foresee as the biggest challenge to integrating AI into cybersecurity,
48 [percent] of IT decision makers point to a lack of staff with sufficient AI expertise,” according to the study, which is based on responses from 1,850 IT and cybersecurity decision makers from 29 countries, including the U.S. “The ability to ensure data privacy and information security was a close second at 47 [percent] – linking back to respondents’ concerns about misinformation, surveillance, and privacy violations.”
The study also found organizations and decision makers continue to worry about the effect of data breaches, with 86 percent of respondents noting that their organization experienced one or more incidents in 2024.
A closer look at the data shows that the reasons these breaches happen vary from one incident to another, but many of those surveyed focused on a lack of skills in the workforce:
- Fifty-six percent noted a lack of security awareness within their organization
- Fifty-four percent noted a lack of IT security skills and training
- Fifty percent noted a lack of cybersecurity products
With AI changing much of cybersecurity – while breaches and attacks continue to disrupt business and put organizations and their data at risk – experts noted that enterprises must continue to invest in cybersecurity talent. At the same time, decision-makers need to ensure that their security staff and leadership are continually upskilling to meet this new reality, said Melonia da Gama, director of training and learning programs at Fortinet.
“From a cybersecurity roles perspective, taking a proactive approach to cybersecurity means an organization’s leadership ensures the team is skilled up and representative where its organization’s gaps exist,” Da Gama told Dice. “This can be accomplished by looking to all populations to hire new professionals with the skills you need, or by upskilling and reskilling employees in growing areas of concern. The latter is a top retention tactic – 48 percent – according to our survey. Training and certification can play a critical role in this area. Based on survey responses: 61 percent report increased cybersecurity skills and knowledge, and 55 percent cite the ability to better perform job tasks due to certifications.”
The report’s data shows that, despite changes and disruptions, the cybersecurity field continues to offer career opportunities and advancement for professionals with the right skills, especially around AI. Industry experts note that more organizations can also help by offering programs to upskill current staff and create other opportunities.
AI Upskilling for Cybersecurity Pros
When it comes to open cybersecurity positions, the Cyberseek job board currently lists more than 500,000 open positions within the U.S., with about 10 percent of those requiring some type of AI knowledge.
The Sapio Research and Fortinet study shows that only 9 percent of those surveyed believe AI will “significantly” replace their roles. At the same time, 87 percent report that AI will enhance major aspects of their security roles.
For those IT and cybersecurity pros with backgrounds in data science and machine learning, there are opportunities to upskill and learn more about AI-specific fields such as prompt engineering, which is becoming an increasingly popular job title.
“One of the most in-demand GenAI skills is prompt engineering, which is driving value across all teams – from security operations to marketing, to compliance, to business development. And people who are diving in and building AI agents are also setting themselves up for future-ready AI skills,” said Diana Kelley, CISO at Noma Security.
In most cases, the basics of prompt engineering can be learned in about a week through online courses and other materials. The real value that cybersecurity pros can add is when they combine prompt engineering skills with knowledge of compliance and regulatory issues, which can help create new opportunities within an organization, Kelley added.
“A compliance expert who is helping a company tune a self-service AI policy bot needs to understand the basics of prompt engineering and AI training,” Kelley told Dice. “What truly drives the value is that the employee’s deep knowledge of what the company policies are and the ability to ascertain if the responses from the bot will work for the user base of the organization.”
A shortage of these AI skills should prompt organizations to invest in upskilling programs and partnerships, whether those are with colleges and universities or with industry-standard certification bodies, said Amit Zimerman, co-founder and chief product officer at Oasis Security.
“These programs should focus on both foundational AI security knowledge and emerging threats like prompt injection. Partnering with universities and industry certification bodies to develop standardized curricula can help bridge the gap,” Zimerman told Dice. “Moreover, encouraging cross-functional collaboration between AI specialists, security professionals, and software engineers can help teams stay ahead of evolving threats.”
For cybersecurity professionals, understanding that AI technologies are changing the security field opens new opportunities for those who develop those skills and seek out ways to learn these platforms. It also helps when the organizations these professionals work for take that same approach and offer programs to help train and upskill, said Fortinet’s da Gama.
“The field of cybersecurity has seen significant expansion and transformation. New technology and roles continue to evolve that did not exist before, and the introduction of AI makes it even more transformative,” Da Gama added. “When thinking about managing resilience for organizations, rather than approaching cybersecurity reactively, leaders need to treat cybersecurity as a strategic, companywide initiative that includes managing risk proactively.”
Addressing Breaches With Cybersecurity Skills
Data breaches and the growing impact these incidents can have on organizations are also reflected in the research. Besides AI, IT and cybersecurity decision-makers are looking for skilled workers to help address these threats.
The results show that in the wake of a breach, 62 percent of respondents want to mandate cybersecurity training in the form of certifications for IT and security personnel. In addition, 67 percent of those surveyed reported that skills shortage creates additional risks for their organizations, and that data, cloud, and network security are the cybersecurity skills organizations need most.
While AI is addressing some of these concerns by automating tasks, Shane Barney, CISO at Keeper Security, noted that having a well-trained and highly skilled human security staff remains essential.
“The organizations best prepared to withstand today’s threats are those that align skilled people, advanced technology, and a culture of accountability,” Barney told Dice. “When teams are empowered to make informed decisions and supported by intelligent, well-governed systems, access remains tightly controlled, visibility stays comprehensive and real-time, and responses are swift and coordinated. That balance of human expertise and technological capability turns cybersecurity from a reactive function into a true driver of resilience.”
These types of cybersecurity teams need professionals with technical skills as well as those who can think critically about security issues and offer solutions as they develop.
“While AI is highly efficient in automating and scaling tasks, human expertise is necessary to interpret complex results, make critical decisions, and apply context-specific reasoning,” Oasis Security’s Zimerman said. “Humans are essential for ensuring that AI-driven tools are used responsibly and for validating the results of AI processes, especially when it comes to the nuances of certain vulnerabilities or threat landscapes.”