While UK cybersecurity teams are rapidly embracing AI tools, they do not yet have the AI skills needed to safely deploy or defend against a surge in AI powered threats; according to UK data from the latest ISC2 Cybersecurity Workforce Study. It gathered responses from over 950 UK cybersecurity people.
As AI becomes central to cyber defence, UK cyber people report that demand for AI related expertise is outpacing their ability to keep up, creating ISC2 suggests a widening divide between ambition and preparedness. After several years of budget cuts, cybersecurity teams across the UK are beginning to see the first signs of stabilisation, the study suggests. Yet despite financial pressures levelling off, the top driver behind continued skills shortages is the lack of budget to hire (cited by 28 per cent). About three quarters (74pc) of UK cybersecurity teams are already using, testing or evaluating AI driven security tools. However, the workforce is not sufficiently equipped with the skills to support this rapid shift, with AI (42pc%) being the most pressing skills need cited by respondents.
This uptake of AI tools reflects ISC2 suggests confidence in the technology’s ability to strengthen day-to-day security operations. Some UK respondents are enthusiastic about the potential of AI to strengthen their networking monitoring (according to 38pc), security operations (34pc) and threat modelling (30pc). However, the workforce has not yet fully developed the AI knowledge required to operate, manage and secure these systems effectively. Most, 95pc of those responding say they have at least one area where employees require additional skills – up from 91pc in 2024. AI is lifting productivity as most, 70pc say their efficiency improved once AI tools were introduced.
AI enabled threats
According to those surveyed, AI-enabled threats are rising sharply: 43pc spoke of facing AI powered social engineering; 29pc experienced data leakage; 23pc suspect AI ‑powered attacks; and 26pc reported AI related breaches. While AI adoption is high across all sectors, smaller workplaces were the most likely to report multiple (67pc) AI related security incidents, highlighting the uneven distribution of expertise, the survey suggests.
Readiness
For AI to genuinely reinforce the UK’s cyber resilience, organisations will need to invest not only in new technologies but in the people responsible for operating and safeguarding them, according to the certification body. This means focusing on developing AI related capabilities within teams, particularly as many businesses continue to face hiring constraints, ISC2 adds.
About ISC2
Pronounced ISC squared, the London chapter has a conference on November 19. Visit ISC2.org.
