Security leaders often feel prepared for a major cyber incident, but performance data shows a different reality. Teams continue to miss key steps during practice scenarios, and the gap between confidence and capability keeps growing. Findings from Immersive’s Cyber Workforce Benchmark Report show the habits that hold readiness back and the areas security leaders must address to make progress.
Confidence keeps rising while capability stalls
Most organizations now describe their readiness programs as mature. Boards receive regular updates, and security teams report high participation in training. Security leaders see activity and assume skills are improving.
The performance data does not support that view. Measures of readiness have stayed flat. Response times have not improved. Accuracy during decision making remains low. Teams struggle in scenarios that require quick action across both technical and business roles.
This gap exists because many organizations track activity instead of capability. Completion rates and attendance numbers create the appearance of maturity. These metrics offer comfort, but they do not reflect whether teams can act under pressure. Confidence rises while performance does not.
Why performance has flatlined
The report identifies several causes behind the lack of progress. These issues shape how teams train and how organizations view their own maturity.
Training focuses on familiar threats: Many exercises still center on older or well known attack types. These scenarios help reinforce the basics, but they do not match the tactics used in current intrusions. Teams continue to practice for yesterday’s attacks while new techniques take hold.
Skills do not advance beyond the fundamentals: Large parts of the workforce remain focused on early stage skills. Intermediate and advanced topics receive less attention. When most training reinforces only the basics, capability reaches a limit that teams cannot push past.
The business is not part of the response: Incidents affect legal, communications, human resources, finance, and executive leadership. Yet many organizations do not include these groups in simulations. When an event occurs, the lack of practiced coordination slows the entire response. Technical teams cannot cover gaps created when business roles are unprepared.
Framework alignment misses attack behavior: Training often follows compliance frameworks instead of threat models. These frameworks support audits, but they do not always reflect how attackers operate. Teams focus on the early stages of an intrusion and spend little time on phases such as lateral movement, collection, or exfiltration. These blind spots remain hidden until an attacker reaches them.
AI raises the stakes for readiness
Security leaders expect a steady rise in AI supported attacks, including synthetic media, adaptive phishing, harmful prompts, and code that introduces new weaknesses. The report shows uneven participation in AI focused exercises. Senior technical staff engage less, while non technical managers engage more. This imbalance can increase risk. Experience helps with familiar threats, but it can limit adaptability when threats evolve.
Teams need practice that challenges old patterns and prepares them for unfamiliar scenarios. Without this shift, organizations will remain slow to respond to AI driven incidents.
“Readiness isn’t a box to tick, it’s a skill that’s earned under pressure. Organizations aren’t failing to practice; they’re failing to practice the right things,” said James Hadley, Chief Innovation Officer at Immersive.
Why boards believe in readiness more than they should
Boards often see positive updates because teams report the metrics they track. When organizations measure only what is easy to count, such as participation or policy completion, boards see progress that does not reflect capability. This creates a cycle in which investment and confidence rise even as performance remains unchanged.
Security leaders often recognize these gaps but lack the performance evidence needed to change the discussion. Without performance data, perception will continue to outrun reality.