The global cybersecurity sector is increasingly facing a capability gap rather than a talent shortage, according to new analysis by Accenture. While organisations continue to report difficulty filling cybersecurity roles, the report suggests that evolving job requirements are making recruitment more challenging.
Accenture analysed more than 550,000 cybersecurity job postings and professional profiles and found that employers are increasingly seeking professionals with a combination of technical expertise, business knowledge, leadership abilities and emerging technology skills.
According to the analysis, nearly six in ten cybersecurity vacancies now require this broader mix of capabilities, while only around four in ten professionals currently possess them.
Cybersecurity Roles Expand Beyond Technical Skills
The report notes that cybersecurity responsibilities have expanded beyond traditional IT functions into areas such as corporate strategy, cloud adoption, artificial intelligence (AI), mergers and acquisitions, and product development.
As a result, cybersecurity professionals are increasingly expected to communicate risks to business leaders, support strategic decision-making and collaborate across departments, in addition to managing technical security operations.
Education and Workforce Development
Accenture also reviewed cybersecurity education programmes across 24 countries and identified recurring gaps in areas including governance, enterprise risk management, cyber law and executive communication.
The report suggests that while many graduates enter the workforce with strong technical knowledge, they often have limited exposure to business and organisational decision-making, leading employers to compete for experienced professionals who have developed these skills over time.
Burnout Continues to Affect Retention
The report highlights employee retention as another challenge for the cybersecurity industry.
According to the findings, the average tenure of cybersecurity professionals has declined from 3.3 years between 2005 and 2015 to 1.8 years over the past decade. More than half of cybersecurity professionals report experiencing frequent work-related stress, and about 20% say they are considering leaving the profession.
Accenture notes that replacing experienced professionals involves more than hiring technical talent, as organisations also lose institutional knowledge and business context when employees leave.
AI Driving New Skill Requirements
Artificial intelligence is also reshaping cybersecurity workforce needs.
The report states that demand for AI-related cybersecurity skills has more than doubled since 2020. It also found that 94% of cybersecurity leaders expect AI to be the biggest driver of change in the sector, while 87% identify AI-related vulnerabilities as one of the fastest-growing risk areas.
According to the report, organisations can adopt AI technologies relatively quickly, but developing professionals capable of managing associated risks requires significantly longer-term investment in training and experience.
Implications for Employers
Accenture suggests that organisations may need to place greater emphasis on workforce development rather than relying solely on external hiring to address cybersecurity skill gaps.
The report argues that as employers increasingly seek professionals who combine technical expertise with leadership, communication and business skills, long-term capability building may become as important as recruitment.
India’s Position
The report also highlights India as having one of the world’s largest pools of technically trained graduates while continuing to experience shortages of experienced cybersecurity professionals at the enterprise level.
According to Accenture, developing expertise in governance, risk management, leadership and cross-functional collaboration through structured career progression could help address this gap as cybersecurity demands continue to evolve.
The findings suggest that, as cybersecurity threats become more sophisticated and AI adoption accelerates, organisations may need to focus on building internal capabilities alongside hiring efforts to meet future workforce requirements.
