AI Skills Rise to the Top of Cybersecurity Training Agendas, Urgency Increases
In a significant shift within the cybersecurity landscape, a recent survey conducted by ISC2 highlights that artificial intelligence (AI) skills have surged to the forefront of training priorities for security teams. This finding, part of the 2026 Security Training Trends report, underscores the urgent need for organizations to enhance their workforce’s AI competencies in response to the fast-evolving digital threat landscape.
The ISC2 survey reveals that 47% of security leaders identified AI skills as the most crucial training requirement—outpacing other essential areas such as cloud computing security and security analysis. Furthermore, 40% of participants anticipate that advancements in AI will precipitate new training needs within the next year. Notably, 28% of respondents referred to progress in agentic AI, and 24% pointed to automation in cybersecurity as significant factors for increased training demand. The survey encompassed 995 security leaders in managerial positions or above across several countries, including the United States, United Kingdom, Canada, Germany, India, and Japan.
Casey Marks, the Chief Operating Officer at ISC2, remarked on the unique nature of the ongoing AI transition, distinguishing it from previous technological shifts like cloud migrations. Unlike those gradual processes, the rise of AI presents an immediate and unpredictable challenge for security teams. “We don’t even know what we need yet,” Marks noted, emphasizing that the resources required extend broadly to tools, training, and methodologies surrounding AI.
This prevailing uncertainty has prompted organizations to pivot away from generic training curricula typically supplied by external vendors. Instead, they are increasingly opting for in-house training programs tailored to their specific tools, configurations, and unique use cases. The survey indicates that 63% of organizations now develop and deliver security training primarily in-house, marking a substantial reliance shift away from third-party providers, which account for only 9% of training sources.
Marks articulated the benefits of customized in-house training, stating, “You can actually say this is how we’re doing it here, and this is how we do it at home, and we can build our training based on that environment.” This tailored approach allows organizations to address their specific needs while ensuring alignment with their operational contexts.
As AI technologies integrate deeper into organizational processes, Chief Information Security Officers (CISOs) are expected to play a pivotal role in prioritizing training initiatives. The survey found that over half of the security leaders, specifically 54%, reported that the adoption of new technologies acts as a catalyst for training requirements. Training, according to Marks, should seamlessly align with the rollout of new AI products and innovations.
Despite the critical need to quickly equip teams with AI-related competencies, the survey also revealed a widening skills gap in the cybersecurity realm. A concerning 59% of security leaders reported having critical or significant skills shortfalls on their teams, a marked increase from 44% in the previous year. Nearly all respondents acknowledged skills gaps, with 95% identifying at least one area of need, constituting an increase from 90% last year. Marks pointed out that AI is a primary driver of many of these skills gaps, affecting numerous domains from cloud security to risk management.
These training requirements also exhibit regional variations, with more than half of respondents in the UK (55%) and the US (54%) marking AI as their top training priority. In contrast, lower percentages were observed in India (47%), Canada (46%), Germany (43%), and Japan (40%). Interestingly, India and Japan did not have AI as their highest priority; instead, they prioritized cloud computing security and security analysis, respectively. Marks attributed these discrepancies to market maturity rather than a lack of interest in AI.
Despite the clear prioritization of training, many organizations face challenges in implementing effective training programs. The survey revealed that 73% of security leaders reported an increase in their training budgets over the past 12 months. However, financial resources alone cannot resolve the underlying issues. Only 29% of leaders expressed concerns over budget constraints, while the predominant obstacle identified was time.
Training for 98% of respondents occurs during work hours, and 77% indicated that managers adjust workloads to facilitate training. Nevertheless, 53% cited time and scheduling conflicts as primary barriers to effective training. Marks stated, “If you haven’t set aside the specific time, it doesn’t get done.” This statement reflects the intense pressure organizations face as incidents and urgent tasks often sideline training initiatives.
The balancing act for technology leaders will be considerable, as AI adoption brings forth added workloads while simultaneously necessitating upskilling efforts for existing staff. Adjusting training programs to accommodate this expedited pace of change without sacrificing depth or quality presents an ongoing challenge. As Marks succinctly noted, “Training will have to be faster. Training will have to be slightly lighter.”
This evolving narrative surrounding AI and cybersecurity underscores the urgent need for organizations to prioritize training amidst an increasingly complex threat landscape.