New ISACA Study: Despite Understaffed Cybersecurity Teams, Fewer Enterprises Are Training Staff for Security Roles

ISACA's State of Cybersecurity 2025 survey report also finds that 83 percent of India-based security professionals expect the demand for technical cybersecurity pros to rise in the next year, compared to 70 percent globally

Bangalore, India, 7th October 2025 - While 40 percent of India-based cybersecurity teams are understaffed and 68 percent have unfilled cybersecurity positions, ISACA's new State of Cybersecurity 2025 survey report, which explores insights into cybersecurity skills, hiring trends, budgets, cyber risk, and the role of AI, finds that fewer enterprises are training non-security staff to move into security roles.

These revealing statistics further highlight that just 34 percent of enterprises provide this training, compared with 50 percent the previous year. However, 39 percent of respondents indicate that more than half of their current cyber staff members transitioned from roles outside the field, according to the 11th annual global survey report.

Commenting on the survey, RV Raghu, ISACA India Ambassador, and director, Versatilist Consulting India Pvt Ltd, said, "India's cybersecurity landscape is at a pivotal point, with rising demand for skilled experts to navigate a complex threat landscape, in the midst of persistent talent shortages and underinvestment in staff training, which leave enterprises vulnerable. To defend against today's sophisticated threats, Indian organisations must invest not only in advanced technologies but also in developing adaptable, well-supported cybersecurity teams."

Insights into staffing resources

Survey respondents indicate there is a high demand for technical cybersecurity professionals, but challenges with hiring and retention persist. Thirty-eight percent of Indian respondents say it takes three to six months to hire for entry-level roles, and 42 percent say the same for non-entry-level roles. More than half (55 percent) of the respondents in India admit their organisations struggle to retain cyber talent. However, 83 percent of Indian cybersecurity professionals expect demand for technical contributors to rise (compared to 70 percent globally).

Fewer Indian respondents are indicating their budgets are underfunded (42 percent compared with 57 percent last year), and 65 percent expect budget increases (up from 62 percent). This is compared to a more pessimistic view globally, with 53 percent of global respondents indicating their budgets are underfunded (compared to 59 percent last year), and only 41 percent expecting budget increases.

Adaptability, soft skills in demand

In an environment where technology and threats are constantly changing, the top qualifications in demand in India have adjusted as well- with prior cybersecurity experience now the top qualification factor (76 percent), closely followed by adaptability (73 percent).

Respondents in India noted that of the skills gaps witnessed in cybersecurity professionals, soft skills are at the top (56 percent)-specifying that the key soft skills needed include critical thinking (55 percent), problem-solving (52 percent) and communication (51 percent).

A greater voice in AI implementation, policy

Indian respondents indicate that they are increasingly using AI in their work, as well as AI policy is playing a larger role across organizations. Fifty percent of Indian respondents state that they have helped develop AI governance (up from 31 percent last year), and 46 percent have been involved in AI implementation (up from 29 percent). The main uses of AI in security operations included automating threat detection/response (42 percent), endpoint security (37 percent) and routine task automation (33 percent).

Complex threat landscape, high stress

The report further states that today's complex threat landscape in India is dominated by exploited vulnerabilities, with 52 percent of respondents noting this as the top attack type used against their organisation, followed by ransomware (48 percent) and denial of service (38 percent). Twenty-seven percent of cybersecurity professionals in India report increased attacks this year.

Twenty-five percent of Indian cybersecurity professionals believe an attack on their organisation is likely or very likely in the next year. Additionally, 31 per cent believe cybercrime is underreported, even when reporting is required.

It may not come as a surprise, then, that 59 percent of the Indian cybersecurity professionals surveyed also said that their role is more stressful now than five years ago, with 60 percent citing the complex threat landscape as their top stressor. Globally, high stress is cited as the top reason for attrition. Among Indian respondents, it features among the top reasons for attrition (40 percent), behind by limited promotion and development opportunities (48 percent) and poor financial incentives (45 percent).

"Cybersecurity professionals are navigating an increasingly complex threat landscape, marked by the rapid evolution of cyber threats and an uptick in the frequency and sophistication of attacks. More cyberattacks in the coming year are likely to exacerbate pressure on cybersecurity staff, making it even more important to routinely evaluate support systems and training resources to improve their cybersecurity capabilities and resilience," says Chris McGowan, ISACA principal, information security professional practices. "It's imperative that organisations not only bolster their defences but also prioritise the well-being of their cybersecurity teams."

Additional security resources

A free ISACA webinar featuring McGowan and Safia Kazi, ISACA principal, privacy professional practices, will be available on demand for a year at https://store.isaca.org/s/community-event?id=a33VQ000001SN4LYAW.

ISACA offers a range of other cybersecurity credentials, resources and training for cybersecurity professionals at every stage in their career, including its recently introduced Certified Cybersecurity Operations Analyst (CCOA) and Advanced in AI Security Management (AAISM) credentials, and AI and cybersecurity-focused online courses, including AI Threat Landscape.

Access the free State of Cybersecurity 2025 report at www.isaca.org/state-of-cybersecurity. Explore additional ISACA cybersecurity resources at www.isaca.org/resources/cybersecurity.


About ISACA
ISACA® (www.isaca.org) champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers-helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.

LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews/

Contact: Madhulina Das: madhulina@prhub.com - 8777787243
Santhosh Jochim: santosh@prhub.com - 7892772953

No 22, Samson Arcade, Andree Road, Shantinagar

About ISACA
ISACA® (www.isaca.org) champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers-helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.

This release was published on openPR.