The latest O’Reilly report has highlighted a growing gap between new cyber threats and the readiness of security teams to handle them. According to the report, 34% of professionals reported a lack of expertise, especially around emerging vulnerabilities like prompt injection. This gap underscores the urgent need for specialised training as AI adoption grows across industries.
“Our global survey underscores a security landscape in flux, with critical skills gaps emerging in AI and cloud security. As cyber threats become increasingly sophisticated, it’s clear that continuous, high-quality training is no longer optional; it’s essential for safeguarding our digital future. Organizations must prioritise ongoing upskilling to stay ahead of evolving risks and build robust defences,” said Laura Baldwin, president of O’Reilly.
Cloud security is also a significant concern, with 39% of respondents citing a lack of cloud security skills, although cloud computing has been used for over 20 years. This shows a gap in expertise that could expose businesses to cloud-specific threats as they continue migrating their operations to the cloud.
Looking to the future, 34% of respondents prioritize AI-driven security tools, followed by security automation at 28.2%, signalling a shift toward automating cybersecurity defences.
Moreover, other findings show that phishing remains the number one threat (55%), followed by network intrusions (40%) and ransomware (35%). Despite the sophistication of modern cyberattacks, this highlights the need for more employee training.
The survey also reveals a certification gap, with 41% of security team members lacking formal certification despite 51% of organizations requiring it. Continuous learning is crucial, with 81% of companies mandating ongoing education for security professionals.
The report emphasises that better security awareness training for all employees (40%) is the most critical step in improving organizational security, even more than additional staffing or tools.