Cyber Staffing Shortages Remain CISOs' Biggest Challenge in 2025

According to the Skill Shortage List in New Zealand and Australia, cybersecurity professionals are in high demand, but the pool of qualified candidates is shrinking. Cyber roles often require a mix of expertise in networking, systems administration, and software development, making them hard to fill. The average cyber investigator must be a subject matter expert in analytics and hold administrator-level knowledge of data sources. Such high requirements narrow the talent pool drastically, leaving many organizations struggling to meet their security needs. In addition, 74% of CISOs reported a lack of sufficient public cloud skills in their teams, crucial for conducting high-quality investigations.

Cybersecurity tools, while essential, are a significant burden on both budgets and staff. EDR/XDR, SIEM, and SOAR systems are among the most common security operations tools used today. However, they come with limitations and heavy costs—especially when scaling them across cloud environments.

• 59% of CISOs reported high staffing costs associated with SIEM tools.
• 75% of teams face challenges integrating data sources into SIEM and SOAR systems, often relying on third-party services to keep them operational.

Training for these tools is another costly endeavor. Hiring professionals with cross-disciplinary knowledge is already difficult, and providing ongoing training further drains resources.

While tools like EDR/XDR, SIEM, and SOAR are critical to Security Operations (SecOps), they come with their own set of challenges. EDR/XDR, for instance, struggles with correlating network and cloud telemetry, which leaves gaps in visibility and requires more specialized skills to operate effectively. Moreover, SIEM systems are expensive, not just in deployment but also in the costs associated with staffing and maintaining them. This often leads organizations to invest in third-party services, further inflating the budget while still not achieving full coverage of IT systems.

Despite the constant talk of cyber staffing shortages, many wonder if companies are actually hiring. The answer is yes, but the bar is high. Most cyber roles require deep cross-disciplinary skills in IT, networking, and systems administration, making it a competitive and difficult job market to break into. Command Zero’s research indicates that to land a role in cybersecurity, professionals should aim for adjacent positions such as networking or systems engineering, before moving into cyber roles. And once in the industry, continuous learning is key.

The cybersecurity industry is facing a double crisis: a shortage of skilled professionals and the high cost of maintaining and securing platforms. While tools like EDR, SIEM, and SOAR provide necessary defense layers, they are only as good as the talent using them. To stay ahead, organizations need to invest in both technology and people, focusing on reducing turnover, enhancing job satisfaction, and upskilling their workforce.

At Fortray, we specialize in closing the cybersecurity skills gap. With comprehensive programs in cyber defense, cloud security, and incident response, we help professionals acquire the expertise needed to excel in this competitive field. Explore our cybersecurity traineeship program today and ensure your team is prepared to face the challenges ahead.