Date: 2025-09-29

Almost two in five (39%) European IT and cybersecurity professionals report that their organisation is experiencing more cybersecurity attacks than this time last year, while a further 27% report facing a similar number of incidents, according to new ISACA research.

Yet despite this rising wave of attacks, confidence in organisational readiness remains low, with fewer than two in five professionals (38%) stating they are completely confident in their organisation's ability to detect and respond effectively.

As attacks continue to increase in scale and scope, the pressure on professionals is growing, with 65% identifying the increasingly complex threat landscape as a major stress factor.

Despite budget and staffing gains, stress levels among cyber professionals remain high

While budgets and staffing show some progress, the pace is not fast enough to ease pressure on professionals. Over half (58%) of those surveyed report that their organisation remains understaffed, only a modest improvement of three percentage points compared to last year. Budgets tell a similar story of slow progress: while over half (54%) of professionals say their organisation is underfunded, this has improved slightly from 58% in 2024.

While incremental gains suggest that organisations are beginning to prioritise cybersecurity, professionals on the front line are still feeling this pressure.

More than two-thirds (68%) say their job is more stressful now than it was five years ago, a figure which remains unchanged from last year. Over half (54%) report unrealistic expectations or excessive workloads, 48% highlight poor work-life balance, and more than a third (36%) say their teams lack the right skills or training.

Alarmingly, more than one in five organisations (22%) have still taken no action to address or prevent employee burnout, leaving professionals to manage growing responsibilities with limited support.

"Over the past year, the public has seen first-hand just how impactful cyberattacks can be, with high-profile breaches devastating businesses and dominating headlines," said Chris Dimitriadis, Chief Global Strategy Officer at ISACA. "At the same time, the overall volume of attacks is rising, with almost two in five organisations experiencing more incidents than a year ago.

"While organisations are starting to acknowledge the problem and take steps to address long-standing issues in budgets and staffing, the pace of change is still far too slow. The reality is that cyber criminals are moving faster than most organisations can respond. Now is the time to invest in a more holistically trained cybersecurity workforce, an investment towards customer trust and in gaining competitive advantages, not just a reactive move following an incident."

Ongoing retention and recruitment challenges are limiting digital resilience

More than half of organisations (52%) are struggling to retain qualified cybersecurity professionals, according to those professionals familiar with hiring within their organisations. Entry-level roles are particularly difficult to fill; nearly one in five organisations (19%) have open positions that do not require experience, a degree or credentials, yet almost half (45%) say it still takes three to six months to hire at this level.

Part of the challenge lies in narrow hiring expectations. While just over half of respondents (55%) view a university degree as important for candidates, far more place value on professional credentials (84%) or hands-on training (73%). Expanding recruitment pathways and offering training opportunities for those without conventional backgrounds could help organisations grow their pipeline of talent.

Cybersecurity teams are increasingly involved in AI

Even as staffing and skills shortages persist, cybersecurity teams are increasingly at the forefront of AI governance and implementation. More than half of European professionals (51%) say they have helped develop their organisation's AI governance framework, up sharply from 36% last year, while 46% are now directly involved in AI implementation (up from 27%).

Beyond governance, AI is already embedded in day-to-day operations, with top uses including threat detection (29%), endpoint security (28%) and routine task automation (27%). These findings point to the accelerating pace of AI adoption and the urgent need for stronger AI security legislation and continuous upskilling, particularly as Europe advances the EU AI Act and NIS2, and the UK prepares forthcoming AI legislation.

Access the complimentary report at www.isaca.org/state-of-cybersecurity. ISACA is a nonprofit, vendor-neutral organisation with globally recognised credentials, including its Certified Cybersecurity Operations Analyst (CCOA) and Advanced in AI Security Management (AAISM) credentials. Additional security resources include AI and cybersecurity-focused online courses, including the AI Threat Landscape course, and a free webinar featuring ISACA experts McGowan and Safia Kazi discussing the survey results (learn more and register here).

For more than 55 years, ISACA (www.isaca.org) has empowered its community of 185,000+ members with the knowledge, credentials, training and network needed to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters, ISACA offers resources tailored to every stage of members' careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways.

All figures are based on fieldwork conducted by ISACA between 9 May and 23 May 2025, amongst a total of 740 business and IT professionals in Europe. In total, ISACA surveyed more than 3,800 business and IT professionals worldwide.

