_and_Omdia.jpg)
A new cybersecurity workforce study from the Information Systems Security Association (ISSA) and Omdia reveals a growing disconnect between rising investments in artificial intelligence and the realities faced by cybersecurity professionals. While organizations continue to adopt AI-powered security tools to improve threat detection and risk management, many security teams report increasing workloads, burnout, and limited involvement in key technology decisions.
The findings come from Volume VIII of the Life and Times of Cybersecurity Professionals report, the industry's longest-running annual workforce study, which examines workforce trends, job satisfaction, leadership dynamics, skills shortages, and the evolving role of cybersecurity professionals.
Organizations are increasingly turning to AI technologies to strengthen cybersecurity operations, automate repetitive tasks, and improve threat detection capabilities. According to the study, AI-powered scanning and testing, predictive risk analysis, and threat detection are among the most widely adopted use cases.
However, the research suggests that increased AI investment alone is not translating into improved workforce experiences. Many cybersecurity professionals report growing complexity in their roles despite the introduction of advanced technologies.
"Eight years of data point to the same conclusion," said Jimmy Sanders, President, ISSA.
"The profession is struggling not because talent is scarce, but because organizations are not investing enough in the people they already have. That is the leadership opportunity in front of us right now."
The study highlights ongoing concerns around employee retention and workforce sustainability within the cybersecurity sector. Close to half of respondents reported considering leaving their current role during the past 18 months, while 57% of those individuals have also considered leaving the cybersecurity profession altogether.
Researchers suggest that burnout, increasing workloads, and limited career development opportunities continue to affect workforce stability despite significant investments in cybersecurity technologies.
"AI will not close the cybersecurity skills gap on its own," said Melinda Marks, Practice Director, Cybersecurity, Omdia, and the study's lead researcher.
"Organizations getting the most from their security programs need to invest in their people first. Training, inclusion, and clear career paths are not soft benefits. They are what makes everything else work."
The report also points to a growing concern around organizational governance and security leadership. According to the findings, 71% of cybersecurity professionals believe technology decisions are being made without adequate input from security teams.
In addition, the percentage of organizations appointing Chief Information Security Officers (CISOs) declined from 76% to 63% within a year, raising concerns about executive-level cybersecurity representation.
These findings suggest that many organizations may be underutilizing cybersecurity expertise when making strategic technology and risk management decisions.
While compensation and technology investments remain important factors, respondents identified leadership commitment as the most significant driver of job satisfaction. Approximately 39% cited leadership support as their top factor influencing workplace satisfaction.
The study also emphasizes the importance of mentorship and professional development. More than half of respondents said apprenticeships, internships, and mentorship opportunities are among the most valuable pathways for individuals entering the cybersecurity field.
"What sustains people in this profession long-term is not any one technology or program," said Dr. Shawn Murray, Immediate Past President, ISSA.
"It is connection. Access to peers who understand the work, mentors who have navigated the same challenges, and a community where your development is taken seriously. That is what professional associations exist to provide, and it is something no AI tool replaces."
The report concludes that while AI will continue to play an important role in strengthening cybersecurity operations, organizations must prioritize workforce development alongside technology investments. Training, mentorship, career advancement opportunities, and greater inclusion in strategic decision-making are emerging as critical factors for long-term cybersecurity resilience.
As cyber threats become more sophisticated and AI-powered security tools gain traction, the study suggests that the success of cybersecurity programs will depend not only on technology adoption but also on an organization's ability to support, develop, and retain skilled professionals.
About ISSA:
ISSA, the Information Systems Security Association, is the cybersecurity profession's longest-standing member organization, connecting the cybersecurity workforce at every level and career stage through peer networks, professional development, research, and local chapter communities worldwide. ISSA is where building a career in cybersecurity gets the support it deserves.
About Omdia:
Enterprise Strategy Group, now part of Omdia, provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling. Melinda Marks serves as Practice Director, Cybersecurity.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.