33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection, according to O’Reilly. This highlights the need for specialized training as AI adoption continues to accelerate across industries.
Critical skills gaps emerging in AI and cloud security
Cloud security expertise also emerges as a significant concern. Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organizations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats.
Looking ahead, AI-enabled security tools rank as the top priority for the coming year (34.4%), with security automation following closely behind (28.2%), signaling a strong push toward automation in cybersecurity defenses.
“Our global survey underscores a security landscape in flux, with critical skills gaps emerging in AI and cloud security,” said Laura Baldwin, president of O’Reilly. “As cyber threats become increasingly sophisticated, it’s clear that continuous, high-quality training is no longer optional; it’s essential. Organizations must prioritize ongoing upskilling to stay ahead of evolving risks and build robust defenses.”
In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as the primary security concern, followed by network intrusion (39.9%) and ransomware (35.1%). The persistence of a “low-tech” threat emphasizes the critical need for comprehensive employee training.
88.1% of tech professionals have adopted multifactor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model.
Security pros rely on online courses, books and videos
Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is pronounced among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified), highlighting varying certification cultures across security roles. CISSP and CompTIA Security+ are the most required and desired credentials.
80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.
Security professionals emphasize the importance of continuous learning, utilizing online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats.
The survey also found that better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organization’s security posture, outranking additional staffing and better security tools.
“Our survey reveals a seismic shift in the security landscape—it’s no longer just an IT concern, but a company-wide imperative,” said Baldwin. “While certifications like CISSP remain crucial, we’re seeing critical skills gaps in cloud and AI security. To truly protect us, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”
Fill out the form to get your guide: