Cyber security budgets lag as soft skills take centre stage
A new report from The Chartered Institute of Information Security has revealed that the majority of cyber security professionals believe budgets are failing to keep pace with the growing threat landscape.
The annual State of the Security Profession report surveyed members of the institute and wider security professionals, highlighting ongoing pressures within the field as well as emerging positive trends.
Budget and threat disparity
According to the research, 84% of respondents said their security budgets are increasing more slowly than the level of cyber threats they face. Only a small minority, 5%, felt that their funding is keeping up with or exceeding the pace of these evolving risks.
These budget concerns remain pronounced amid notable incidents over the past year, including high-profile breaches such as Scattered Spider's attack on Marks & Spencer and Co-op, and a widely reported settlement by MGM Resorts amounting to USD 45 million after a cyber attack. Simultaneously, successes on the law enforcement front, including the takedown of the RapperBot botnet, have punctuated an otherwise turbulent period for the sector.
People challenges outweigh technology
When exploring the core challenges faced by those in the profession, the majority of cyber security professionals emphasised people over technology and process. The report showed that 75% of professionals identified people as their most significant challenge, far ahead of processes (15%) and technology (10%).
Demand for soft skills remains strong. The research found that 48% of respondents consider analytical and problem-solving abilities to be the most important skillset, followed by communication skills at 27%. Technical skills were highlighted as the most important by just 14% of those surveyed.
The human element has never been more important. It belongs at the heart of organisations' cyber strategy, not as an added extra. Cyber security professionals must find ways to bring their colleagues and their organisation's supply chain on the cyber security journey. This means educating them on the risks of cybercrime via effective communication, helping them think differently, and actively challenging the deluge of misinformation and traps that are a sad fact of life. We need people with strong, proven communication skills - whether from inside or outside the profession. Using their talents for empathy, persuasion and clarity will be crucial to driving programmes that make people think, feel and ultimately act differently.
The report indicates that while organisations have largely implemented process-based controls and existing technology, human factors such as communication and behavioural change continue to present the greatest challenges.
Incident response versus prevention
Looking at performance across different aspects of cyber security, the study found that 57% of respondents believe the profession is improving in responding to incidents. However, fewer respondents (49%) feel that the industry has got better at preventing attacks in the first place. This suggests security teams are often having to 'firefight' rather than focus on long-term preventive measures.
The shifting landscape is also reflected in the types of skills in demand, with the emphasis on soft skills suggesting a change in direction for the profession. Respondents pointed to investment constraints around new technologies, noting that teams would have to work with existing tools for the foreseeable future.
Sector outlook remains positive
Despite these challenges, job prospects and sector growth continue to be rated positively. Some 78% of those surveyed said their job prospects are good or excellent, and 73% anticipate the cyber security market will grow over the next three years.
The institute's findings underline the need for a broader approach to cyber security, balancing budgetary constraints, ongoing technology implementation, and the central role of people. As the report notes, "Developing or even attracting these skills generally costs less than shiny new tooling. And it's easier to justify spending when board members who are well aware of the current spate of attacks want someone to communicate the risks to them."
The report concludes that addressing challenges in people, processes, and technology remains necessary for effective cyber security. However, with technology investment limited by budgets and processes largely in place, it is tackling the people challenge - particularly improving communication - that has the potential for the most significant impact in the months ahead.