2025年网络安全现状：全球劳动力努力、资源及网络安全运营最新报告

C O N T E N T S 4Executive Summary 5Survey Methodology 8Cybersecurity Workforce Challenges8 / Hiring and Open Roles12/ Burnout and Retention14/ Some Employer Benefits Decrease 17The Talent Pipeline17/Future Workforce Concerns18/Skill Gaps 21Cybersecurity Operations21/Budgets21/Boards and Cybersecurity Prioritization 24Cyberrisk and Cyberattacks27/Cyberrisk Assessments AI and Cybersecurity A B S T R A C T State of Cybersecurity 2025: Global Update on Workforce Efforts, Resources, andCybersecurity Operationsreports the results of the annual ISACA®globalState ofCybersecurity Survey, conducted in the second quarter of 2025. This survey reportfeatures trends in cybersecurity hiring, staffing, and budgets; cyberrisk and threats;cybersecurity operations; and the role of artificial intelligence (AI) in cybersecurity work.Although some findings are similar to previous years, some significant differences signalchanges in cybersecurity operations and broader workforce trends. Executive Summary The eleventh annual ISACA®globalState of CybersecuritySurveyexplores challenges, trends, and opportunitieswithin the cybersecurity field. This year’s survey reportpresents insights on cybersecurity skills, hiring, andbudgets; cyberrisk; and the role of artificial intelligence (AI)in cybersecurity. cybersecurity workers approach retirement age,enough cybersecurity talent with managerialexperience might not be available to replace retiringmanagers. Enterprises should begin to considersuccession planning now to anticipate and addresspotential hiring challenges. •Optimism about cybersecurity budgets growing issomewhat less compared to last year. Only 41% ofrespondents believe that their cybersecurity budgetswill increase in the next 12 months, compared to lastyear, when 47% of respondents believed that budgetswould increase. Eighteen percent of survey respondentsbelieve that their cybersecurity budgets will decrease inthe next 12 months, compared to 13% last year. Certain findings are consistent with last year’s surveyreport; other survey findings indicate changes in theway that cybersecurity professionals work. Like in 2024,respondents to this year’s survey have concerns aboutcybersecurity budgets, which are likely a reflection ofbroader market uncertainty. Key findings include: •Adaptability is the most important factor in determininga cybersecurity applicant’s qualifications. Sixty-onepercent of respondents indicate that adaptabilityis very important. Prior hands-on experience dropsfrom first place last year to second place, with 60% ofrespondents indicating that prior cybersecurity workexperience is very important. The importance of thisfactor is a considerable decline from last year, when73% of respondents said it was very important. •Cybersecurity roles remain stressful. Sixty-sixpercent of respondents indicate that their roles aresignificantly or slightly more stressful now than fiveyears ago. Survey respondents say that the mainreason for this stress is the increasingly complexthreat landscape. Although the complexity of thethreat landscape was also the top stressor last year,fewer respondents identify it as a challenge this year(63% in 2025 compared to 81% in 2024). •Last year, for the first time in the history of thissurvey, the percentage of respondents betweenthe ages of 45 and 54 overtook the percentage ofrespondents in the 35 to 44 age group, and thistrend continues this year. The aging cybersecurityworkforce has expanded slightly among surveyrespondents. The largest percentage of surveyrespondents are between the ages of 45 and 54 (35%,which is one point higher than last year). This surveyfinding, when combined with a slight decline (onepoint) in the percentage of respondents who are ages34 and below, is cause for concern. Further evidenceof an aging workforce is the survey finding that lessthan half of respondents manage staff with less thanthree years of work experience. As these experienced Cybersecurity roles remain stressful. Sixty-sixpercent of respondents indicate that their roles aresignificantly or slightly more stressful now than fiveyears ago. •Soft skills are the largest skill gap amongcybersecurity professionals, increasing from 51%in 2024 to 59% in 2025. Survey respondents reportthat critical thinking (57%); communication, whichincludes listening, speaking, and conflict resolution(56%); and problem solving (47%) are the top-threemost important soft skills that security professionalsneed today. STATE OF CYBERSECURITY 2025: G L O B A L UPDATEONWORKFORCEEFFORTS,RESOURCES,ANDCYBERSECURITYOPERATIONS •Half of the respondent enterprises have challengesretaining qualified cybersecurity professionals—thelowest percentage of retention challenges since2020. High work-stress levels, limited promotionand development opportunities, and recruitment byother enterprises are the top reasons cybersecurityprofessionals are leaving their current roles. this is a decline from last year: 30% of responden