The cybersecurity industry is at a crossroads. Artificial intelligence is simultaneously transforming how security teams defend organisations and disrupting the professionals who do that work. Budgets are tightening, workloads are climbing, and the skills required to stay effective are shifting at a pace that can feel relentless. For cybersecurity leaders, the challenge isn't just deploying the right AI tools — it's guiding their people through one of the most significant workforce transitions the industry has ever seen.

This post breaks down exactly what is happening on the ground, what the data tells us about team stress and morale, and — most importantly — what leaders and individual practitioners can do about it right now.

The Scale of the Shift: What the Data Actually Shows

The numbers paint a striking picture of an industry under pressure.

Job satisfaction among cybersecurity professionals has declined from 74% in 2022 to 66% in 2024, and 74% of respondents report that the current threat landscape is the most challenging they have experienced in the last five years.

The 2025 ISC2 Cybersecurity Workforce Study — the largest of its kind,

surveying a record 16,029 cybersecurity professionals

— confirms that stress is not easing.

Almost half (48%) of respondents feel exhausted from trying to stay current on the latest cybersecurity threats and emerging technologies, and 47% feel overwhelmed by the workload.

Meanwhile, the very nature of the threat has evolved.

According to the Fortinet 2025 Cybersecurity Skills Gap report, 49% of cybersecurity leaders are concerned that AI will increase the volume and sophistication of cyberattacks, and artificial intelligence has become both an indispensable tool and a new vector of risk, expanding the scale, sophistication, and speed of potential attacks.

In short: teams are being asked to do more, with fewer resources, against smarter adversaries.

Burnout in the SOC: A Crisis That Automation Hasn't Solved Yet

Security Operations Centres (SOCs) sit at the eye of this storm.

Organisations in 2025 face an average of 2,244 cyberattacks per day, with 71% of SOC staff rating their workload between 6 and 9 out of 10 in difficulty.

Despite widespread AI adoption, burnout has not meaningfully receded.

A global survey of 1,813 IT and cybersecurity professionals found that despite the rise of AI and automation, cybersecurity teams still spend on average 44% of their time on manual or repetitive work.

A full 81% said security workloads increased in 2025, with more than three quarters (76%) experiencing burnout and 39% attributing that burnout specifically to heavy workloads.

The gap between AI's potential and its current impact on wellbeing is real. Teams have the tools, but workflows haven't been redesigned to take full advantage of them.

The right technology matters, but adding more tools to already broken processes only amplifies the strain on teams — organisations need to reevaluate the underlying workflows to identify where AI can make the biggest difference every day.

There is, however, a compelling link between visibility and resilience. Research from Bitsight reveals that

organisations that lack asset discovery or monitoring have a 63% burnout rate, compared to a 44% burnout rate among organisations that use risk data and asset monitoring to discover and prioritise exposure mitigation.

Organisations that go further — continuously monitoring assets, mapping threats across environments, and contextualising data with business impact — see burnout rates drop even lower, to 32%.

Skills, Not Headcount: The Real Workforce Problem

One of the most important insights from recent research is a fundamental shift in how cybersecurity workforce gaps should be understood.

A shift is happening. The most pressing concern for cybersecurity teams isn't headcount but skills, with skills deficits raising cybersecurity risk levels and challenging business resilience.

The majority of respondents (95%) reported at least one skill need — a 5% increase from 2024 — and 59% cited critical or significant skill needs, a 15% increase from 2024.

AI was the most pressing skills need (41%) cited by respondents, followed by cloud security (36%).

This matters hugely for workforce strategy. Hiring alone won't close the gap.

The economic and budget issues that have held back or diminished hiring have also contributed to knowledge and competency deficits within organisations, which must find ways to widen their skills base — including investing in existing personnel through multiskilling — despite budgetary constraints.

Interestingly,

the top five skills hiring managers are looking for are all nontechnical: problem solving (29%), collaboration (24%), communications (22%), willingness to learn (20%), and strategic thinking (16%).

The human element in cybersecurity has never been more valuable — even as AI takes on more technical load.

AI as Opportunity, Not Just Disruption

It would be easy to frame AI purely as a source of anxiety for security teams. But the evidence suggests a more nuanced — and ultimately optimistic — picture.

Those within the cybersecurity workforce who are actively using AI tools are positive about the current and future impact of the technology, seeing opportunities for skills development and the creation of new jobs. They continue to see a symbiotic future where AI enhances the cybersecurity working experience rather than replacing skilled personnel.

Encouragingly, 87% of cybersecurity professionals expect AI to enhance key aspects of their roles, while only 2% believe it will replace them entirely.

On the operational side,

AI is transforming how security operations function — detecting abnormal patterns, correlating massive volumes of alerts and automating repetitive tasks, freeing analysts to focus on strategic priorities and faster incident response — with a 2025 study showing 88% of security teams reporting significant time savings through AI.

By automating routine tasks, AI enables analysts to focus on more strategic and intellectually stimulating aspects of cybersecurity, such as threat hunting, incident investigation, and security architecture improvements — a shift that not only improves job satisfaction but also allows analysts to develop higher-value skills.

The CISO Pressure Cooker

Cybersecurity leadership is bearing a disproportionate share of the strain.

AI has become a double-edged issue for CISOs, with shadow AI adoption inside enterprises creating even more headaches for cybersecurity management.

When employees quietly adopt AI tools without informing security teams, it creates blind spots that undermine risk management and incident response.

The number of companies with full-time CISOs dropped to 63%, from 76% in 2024, while the use of fractional CISOs has increased to 15%, from just 6% in 2024.

This structural shift reflects both the growing stress of the role and a changing market for strategic security leadership.

If leaders don't help teams reduce pressure and develop the skills needed for AI-driven security work, burnout will continue and experienced practitioners may leave, increasing organisational risk.

Retention is a ticking clock:

employers and hiring managers need to ensure that cybersecurity professionals feel seen and heard, and that they have access to opportunities to advance in their careers and knowledge to remain relevant — because retention may become a significant challenge when the job market improves.

Practical Tips: What to Do Right Now

Whether you're a CISO, team lead, or individual analyst, these evidence-backed strategies can help you navigate AI-driven change without burning out your team or yourself.

For Leaders and Security Managers:

Shift strategy from "hiring gaps" to "capability gaps" — map required competencies versus existing team strengths and establish structured multiskilling programmes, such as cross-training SOC analysts into cloud security and GRC professionals into AI governance.

70% of cybersecurity professionals are already pursuing AI qualifications, and most expect AI to create more strategic and communication-focused roles.

Give your team structured time and resources to develop these skills.
- Tie workforce health to risk metrics. Present staffing shortfalls and burnout rates to the board in the language of business risk — incident response times, control maturity, and threat exposure — not just HR indicators.
- Address shadow AI proactively. Create clear, accessible policies for AI tool adoption so employees engage security teams before deploying new tools, not after an incident.

For Individual Practitioners:

The top benefits of automation include higher productivity (48%), faster response times (41%), and better data accuracy (40%).

Actively seek AI tools that handle your most draining repetitive tasks.
- Prioritise visibility. When you have clear, contextualised data on what risks matter most, decision fatigue and reactive firefighting decrease significantly.
- Pursue continuous learning with intention.

73% of cybersecurity professionals are building their skill sets, 52% are focusing on becoming more strategic contributors, and 48% are learning more AI-related skills.

Join them — with a structured plan, not just ad hoc courses.

Conclusion: The Future Belongs to Adaptive Teams

The AI revolution in cybersecurity is not a distant threat or a distant opportunity — it is happening right now, reshaping roles, rewriting skills requirements, and redefining what it means to protect an organisation. The teams that will thrive are not those with the most tools, but those whose leaders invest in people as seriously as they invest in technology.

Organisations that invest equally in advanced tools and skilled people will be best positioned to withstand the next wave of threats — and ultimately, the future of cybersecurity will belong to those who can harness the strengths of both AI and human intelligence.

The stress is real. The change is accelerating. But so is the opportunity. Start with one workflow, one skills programme, or one honest conversation with your team — because the organisations winning the cybersecurity battle tomorrow are the ones investing in their people today.

Is your organisation struggling to balance AI adoption with team wellbeing? Whether you're building a resilience strategy from scratch or trying to close a critical skills gap, speaking with a cybersecurity workforce consultant can help you turn these challenges into a competitive advantage. Get in touch today to start building the adaptive, AI-ready security team your organisation needs.