Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce.
CompTIA's "State of Cybersecurity 2025" report reveals that cybersecurity is a primary or secondary priority for 98% of organizations. Yet only 25% of survey respondents feel that the overall direction of cybersecurity is improving dramatically, and only 22% characterize their organization's cybersecurity efforts as completely satisfactory. Nearly 1,200 business and IT professionals across seven global regions were surveyed.1
"Something is missing, either in the approach organizations are taking or in their expectations around what ideal cybersecurity would look like," said Seth Robinson, vice president, industry research, CompTIA.
Cybersecurity's unique status as a business imperative at all organizational levels – staff, management, executives and governing bodies – may be the reason of the disconnect.
"Gone are the days when achieving cybersecurity improvement was a simple matter of purchasing updated technology," Robinson explained. "Businesses must have ongoing discussions around their cybersecurity technology stack, processes that ensure protection of assets and an organizational structure that provides cutting-edge expertise."
Cybersecurity expertise needed
The report identifies a growing need to build multiple layers of cybersecurity expertise. Among North American companies, 53% are considering new hiring as an option. An even greater percentage (56%) plan to pursue training for their current cybersecurity workforce, and 42% plan to offer cybersecurity certifications as a way of establishing core concepts within the team and extending skillsets into emerging focus areas.
Hiring and training require a financial commitment, though, and that remains a challenge for some. While a significant majority of respondents state that cybersecurity is a high priority at their firm, only 49% feel that it is relatively easy to procure funds for cybersecurity activities or that budgets are increasing.
"Developing skills is the most significant action companies may take in improving efficiency, but there are other options as well," Robinson noted. "Increasing visibility and awareness among senior executives, establishing organizational imperatives and metrics and building policies that drive employee behavior will create a culture of cybersecurity."
AI and cybersecurity
Artificial intelligence (AI) has the potential to accelerate, automate and complicate cybersecurity efforts. North American companies are evenly split between an emphasis on using AI internally to improve their defense and on learning about new forms of AI-enabled attacks. Current AI-enabled use cases include monitoring network traffic, generating defense tests and predicting future breaches.
CompTIA's "State of Cybersecurity 2025" report is available at https://www.comptia.org/content/research/cybersecurity-trends-research.
1 ANZ (Australia, New Zealand), ASEAN (Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand, Viet Nam ) Benelux (Belgium, Netherlands, Luxemburg), DACH (Germany, Austria, Switzerland), North America, and United Kingdom and Ireland.
