A new series of reports from Hack The Box (HTB) challenges the traditional reliance on compliance as the primary measure of cybersecurity readiness. The global leader in gamified cybersecurity upskilling has released three sector-specific assessments for healthcare, finance, and Managed Security Service Providers (MSSPs), analyzing data from over 4,500 professionals across 795 teams. The compelling conclusion is that while organizations may excel at visibility and detection, they often lack the deep technical capabilities required to effectively prevent, contain, or recover from modern cyberattacks, leaving critical systems vulnerable.
Quick Intel
Hack The Box released cyber skills reports for healthcare, finance, and MSSP sectors.
Data shows a critical gap between compliance and practical technical capabilities.
Healthcare shows strong detection but weak prevention and post-breach containment.
Finance excels in visibility but lacks depth to neutralize advanced threats.
MSSPs are strong generalists but lack offensive security and threat emulation depth.
The findings advocate for a shift from auditing to capability-based resilience.
Sector-Specific Vulnerabilities Exposed
The reports reveal persistent, sector-specific skills gaps that undermine security postures. In the healthcare sector, teams demonstrate strong OSINT and detection capabilities but are weak on prevention, with high-risk exposure points in persistence and lateral movement after a breach. Financial institutions excel in threat visibility yet lack the technical depth to neutralize threats effectively and are facing emerging vulnerabilities in blockchain and smart contract environments. For MSSPs, the data indicates a concerning trend: while they scale monitoring and incident response well, they struggle with the offensive security and adversary emulation capabilities critical for proactively protecting client environments from advanced threat actors.
“Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone,” said Haris Pylarinos, CEO and founder of Hack The Box. “What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them.”
The analysis, which encompassed 40 practical challenges, provides a clear, data-driven foundation for understanding how technical skill shapes cyber resilience. By moving beyond checkbox compliance, the Cyber Skills Benchmark 2025 Report highlights where skills are strong, where critical gaps remain, and where strategic investment in hands-on, practical training is most needed to meet the evolving demands of the security landscape. This shift in focus is essential for organizations to build a genuinely resilient defense against sophisticated cyber threats.
Hack The Box is the leading cybersecurity readiness and upskilling software platform, trusted by Fortune 500 enterprises, government organizations, and MSSPs to build cyber resilience at scale. Through AI-enhanced intelligence, gamified labs, live-fire simulations, and the power of one of the world’s largest cybersecurity communities, Hack The Box helps teams master offensive and defensive skills in the age of AI through real-world scenarios. Founded in 2017, Hack The Box has grown its global community of over 4 million members and 1,500 enterprises, helping organizations validate resilience, mitigate breach risk, and develop cyber talent.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.