New Study Shows 83% of Organizations Are Adopting AI for Cybersecurity, But Cyber Pros Say the Job Has Become Harder

BRITTON, S.D.--(BUSINESS WIRE)--The Information Systems Security Association (ISSA) and Omdia today released Volume VIII of the Life and Times of Cybersecurity Professionals, the longest-running annual study of the cybersecurity workforce. As attackers leverage AI to scale attacks and organizations invest in AI-powered security tools, the professionals using them are burning out, being left out of decisions, and thinking about leaving the field.

83% of organizations are currently using or planning to adopt AI for cybersecurity, but the data reveals a critical gap between technology investment and workforce reality:

• Top AI use cases include automating scanning and testing (50%), predictive risk analysis (48%), and threat detection (38%).
• 68% say the job has become harder over the past two years, even as AI adoption has accelerated.
• 25% have increased AI spending without a defined strategy connecting it to their people or security program.
• Beyond AI, the study examines job satisfaction, the skills shortage, organizational culture, and the evolving CISO role.

"Eight years of data point to the same conclusion," said Jimmy Sanders, President of ISSA. "The profession is struggling not because talent is scarce, but because organizations are not investing enough in the people they already have. That is the leadership opportunity in front of us right now."

The numbers behind that verdict are consistent across every edition of the study. Close to half of respondents have thought about leaving their role in the past 18 months, and among those, 57% have considered leaving cybersecurity entirely. 71% say technology decisions get made without the security team at the table. CISO appointments fell from 76% to 63% in a single year.

"AI will not close the cybersecurity skills gap on its own," said Melinda Marks, Practice Director, Cybersecurity at Omdia and the study's lead researcher. "Organizations getting the most from their security programs need to invest in their people first. Training, inclusion, and clear career paths are not soft benefits. They are what makes everything else work."

39% cite leadership commitment as the top driver of job satisfaction, above compensation and technology investment. 54% say seeking an apprenticeship, internship, or mentor is among the most valuable steps for anyone entering the field.

"What sustains people in this profession long-term is not any one technology or program," said Dr. Shawn Murray, Immediate Past President of ISSA. "It is connection. Access to peers who understand the work, mentors who have navigated the same challenges, and a community where your development is taken seriously. That is what professional associations exist to provide, and it is something no AI tool replaces."

The full ebook is available at https://issa.org/life-and-times-of-cybersecurity-professionals-volume-viii/

About ISSA: ISSA, the Information Systems Security Association, is the cybersecurity profession's longest-standing member organization, connecting the cybersecurity workforce at every level and career stage through peer networks, professional development, research, and local chapter communities worldwide. ISSA is where building a career in cybersecurity gets the support it deserves.

About Omdia: Enterprise Strategy Group, now part of Omdia, provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling. Melinda Marks serves as Practice Director, Cybersecurity.