The newly released ISACA State of Cybersecurity 2025 Report makes one point clearer than ever: the challenges facing cybersecurity teams are no longer just technical. They are human, organizational, and cultural.
๐ Key Findings That Matter
Soft skills are the #1 skills gap
59% of respondents say soft skills are the largest skills gap in cybersecurity โ bigger than cloud, data security, or automation.
Critical thinking (57%), communication (56%), problem solving (47%), teamwork (45%), and adaptability (40%) top the list.
Adaptability outranks technical experience
For the first time, adaptability is considered more important than prior cybersecurity experience in hiring decisions. In a rapidly changing threat landscape, flexibility and influence skills matter more than tenure.
Stress and burnout are rampant
66% of professionals report higher stress than five years ago. Complexity, poor communication, and unrealistic workloads fuel disengagement and turnover.
Board buy-in depends on communication
Only 56% of boards adequately prioritize cybersecurity. Where they do, budgets are stronger, retention is higher, and confidence improves. The missing link? Leaders who can persuade and influence the board with clarity and trust.
AI adoption adds both opportunities and risks
Cyber teams are increasingly tasked with shaping how AI is implemented. Persuasion and governance skills will decide whether security voices carry weight in AI decisions.
Why This Matters to Leaders
- For CISOs: Your success isnโt defined by technical defenses alone โ itโs by your ability to influence boards, regulators, and executives. Without persuasive communication, budgets and resources stay flat.
- For Cyber Professionals: Technical mastery wonโt carry you forward. Adaptability, trust-building, and soft skills now determine who gets hired, promoted, and retained.
- For Governance Leaders: Cybersecurity oversight is only effective when leaders can translate technical risks into persuasive narratives that earn board action.
- For HR Executives: The report validates what many HR leaders already sense: investing in certifications alone doesnโt close the skills gap. Influence, communication, and critical thinking are the real differentiators.
๐ Call to Action
The ISACA report confirms what many forward-thinking organizations already know:
- Cybersecurity is a people business.
- Soft skills drive Cybersecurity ROI - for departments AND people.
- Trust and persuasion are the missing layer of resilience.