ISACA's 2025 State of Cybersecurity research, surveying European IT and cybersecurity professionals, reveals escalating threats amid lagging resources. Nearly two in five (39%) report more attacks than last year, 27% similar incidents, but only 38% are confident in detection/response capabilities. Despite gains, 58% remain understaffed (down 3pp from 2024) and 52% underfunded (down 6pp), with 68% saying their jobs are more stressful than five years ago—unchanged from 2024.
The report highlights a "rising wave" of attacks, with 61% understaffed teams struggling to cope. Stress factors include excessive workloads (54%), poor work-life balance (48%), and skill gaps (36%). Alarmingly, 22% of organizations ignore burnout prevention, exacerbating turnover.
"Over the past year, the public has seen first-hand just how impactful cyberattacks can be," said Chris Dimitriadis, Chief Global Strategy Officer at ISACA. "While organisations are starting to acknowledge the problem and take steps to address long-standing issues in budgets and staffing, the pace of change is still far too slow. The reality is that cyber criminals are moving faster than most organisations can respond."
Hiring remains tough: 52% face retention issues, with 50% leaving for competitors and 46% due to limited development. Entry-level roles (19% open) take 3-6 months to fill despite no degree/credentials needed. Experts advocate broader pathways, valuing credentials (84%) and training (73%) over degrees (55%).
Cyber teams are central to AI: 51% developed governance frameworks (up from 36%), 46% handle implementation (up from 27%). Top uses: Threat detection (29%), endpoint security (28%), task automation (27%). With 74% staff using GenAI (up 10pp), only 32% organizations have formal policies, highlighting upskilling urgency amid EU AI Act and NIS2.
ISACA's findings, from a May 2025 survey of ~39,000 members/non-members, call for holistic training and proactive investment to build resilience. Download at www.isaca.org/state-of-cybersecurity.
For more than 55 years, ISACA® (www.isaca.org) has empowered its community of 185,000+ members with the knowledge, credentials, training and network needed to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters, ISACA offers resources tailored to every stage of members’ careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.