The cybersecurity industry has spent the past two years talking about artificial intelligence as a force multiplier.
Security vendors promise faster detection, better analysis, automated remediation, and a future where overwhelmed teams can finally get ahead of attackers. Organizations appear to be buying in. According to a new ISSA and Omdia study, AI adoption is rapidly becoming part of the cybersecurity mainstream, with most practitioners viewing the technology as a positive development.
But beneath the optimism lies a more troubling reality.
The same professionals embracing AI also report rising workloads, increasing stress, worsening complexity, and growing concerns about burnout. The study suggests that while AI may help security teams work more efficiently, it is not addressing the deeper human challenges that continue to plague the profession.
Read the full eBook from Omdia:
AI Is Becoming Standard Operating Procedure
The findings make one thing clear: cybersecurity professionals are not resisting AI.
In fact, many see it as an important tool for improving security operations. Practitioners cite opportunities to automate scanning, improve predictive analysis, accelerate incident response, and streamline remediation activities. AI security skills have also emerged as one of the most sought-after areas of expertise, joining cloud security, application security, and networking among the disciplines organizations increasingly value.
This is hardly surprising.
Every major organization is facing pressure from executives, customers, investors, and competitors to adopt AI.
As Melinda Marks, Practice Director for Cybersecurity at Omdia, notes, security and compliance remain among the biggest obstacles to successful AI adoption. Organizations need strong cybersecurity programs to manage risk while enabling innovation.
Editor's note: The workforce struggles identified in the Omdia research is the focus of our new podcast series, CYBR.Minded. See and read about the first episode here:
Bill Brenner
, and CYBR.SEC.Media
That responsibility is increasingly falling on security teams.
The challenge is that AI isn't replacing existing responsibilities. It is being layered on top of them. Security professionals are now expected to secure traditional infrastructure, cloud environments, applications, identities, third-party ecosystems, and an entirely new class of AI-enabled technologies—all while threat actors continue to expand their own use of automation and AI.
AI may be helping organizations move faster. It is also giving security teams one more thing they need to understand, govern, and defend.
The Human Cost of Modern Cybersecurity
The most striking findings in the report have little to do with technology.
More than two-thirds of respondents said working in cybersecurity has become more difficult over the past two years. The biggest reasons include increased cybersecurity complexity, heavier workloads, expanding attack surfaces, budget pressures, compliance requirements, and understaffed teams.
When respondents were asked about workplace stress, the answers paint a familiar picture.
Overwhelming workloads ranked as the top stressor. Keeping up with the security needs of new initiatives such as AI followed closely behind. Fear of missing an attack, constant emergencies, and projects launched without security oversight were also major contributors. Only 2% of respondents reported feeling no stress in their jobs.
These pressures are increasingly affecting workforce retention.
Nearly half of respondents said they had considered leaving their current cybersecurity job during the past 12 to 18 months. A significant number have even contemplated leaving the profession altogether. High stress, poor work-life balance, limited career advancement opportunities, and weak organizational commitment to cybersecurity were among the top reasons cited.
More on burnout:
Bill Brenner
Lauren Andrus
For an industry already struggling with skills shortages, that should be an alarming signal.
Cybersecurity has spent years talking about talent acquisition. The bigger challenge may be talent preservation.
The Leadership Challenge
The study points toward a solution, and it is not simply buying more technology.
When respondents were asked what would improve cybersecurity programs and culture, the most common answers centered on people: better training, stronger investment in resources, improved collaboration, executive involvement, and greater organizational commitment to security.
Marks believes organizations should focus on building cultures where security teams are respected and trusted for the value they bring to the business.
That idea is reflected throughout the research. Respondents identified leadership commitment to cybersecurity, career development opportunities, and competitive compensation as key drivers of job satisfaction. They also emphasized the importance of collaboration between security, IT, and business teams.
The findings also reveal a changing definition of cybersecurity leadership. Today's CISOs increasingly need business and leadership skills that allow them to communicate risk, influence executive decisions, and align security priorities with organizational goals. Technical expertise remains important, but the role increasingly requires translation, diplomacy, and strategic thinking.
AI may ultimately help security teams become more productive.
But the ISSA/Omdia research suggests the industry's most urgent challenge is not technological. It is human.
The cybersecurity industry has spent years talking about skills shortages. This study raises a more uncomfortable question:
Before organizations worry about finding the next generation of security talent, what are they doing to keep the talent they already have?
More on the cybersecurity career crisis:
Bill Brenner
George V. Hulme
Bill Brenner
