Technology professionals are increasingly worried about the shortage of AI security skills within organizations, according to learning platform provider O’Reilly.
In its 2024 State of Security Survey report, the firm found that 33.9% of tech professionals reported a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection.
Survey respondents also ranked AI-enabled security tools as the top priority for the coming year (34.4%), followed by security automation (28.2%). Evidence that automating cybersecurity defenses is a growing trend among security professionals .
Alarming Cloud Security Skills Gap
AI security was not the only area where tech professionals identified a critical skills gap.
Despite cloud computing’s two-decade presence, almost two in five (38.9%) respondents identified cloud security as the most significant skills shortage.
While the need for some key security measures seems to be broadly understood, with a majority (88.1%) of tech professionals having adopted multifactor authentication (MFA), 60.1% deployed endpoint security and 49.2% implemented a zero trust model, cloud security remains highly unprotected.
Continuous Learning, A Top Priority for Security Training
The top two needs identified by respondents as the main reasons explaining these skills gaps are a lack of security training and certification.
Better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organization’s security posture, outranking additional staffing and better security tools.
Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is vast among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified).
CISSP and CompTIA Security+ are the most required and desired credentials.
However, these sources alone are no longer sufficient, with most security professionals admitted they need to use other learning resources, such as online courses (88.8%), books (76.6%), and videos (75.2%), to stay updated on best practices and emerging threats.
Laura Baldwin, President of O’Reilly, highlighted the need for organizations to keep up with their security needs: “Our survey reveals a seismic shift in the security landscape—it’s no longer just an IT concern, but a company-wide imperative.
“While certifications like CISSP remain crucial, we’re seeing critical skills gaps in cloud and AI security. To truly safeguard our digital future, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”
O’Reilly surveyed over 1300 technology professionals for this report.
Read more: Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks