Security threats were analyzed in a recent report by O'Reilly. The report found that 33.9% of tech professionals report a shortage of artificial intelligence (AI) security skills, particularly around emerging vulnerabilities like prompt injection.

Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organizations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats.

Looking ahead, AI-enabled security tools rank as the top priority for the coming year (34.4%), with security automation following closely behind (28.2%), signaling a strong push toward automation in cybersecurity defenses. In an era of sophisticated cyberattacks, 55.4% of respondents still cite phishing as the primary security concern, followed by network intrusion (39.9%) and ransomware (35.1%).

A majority (88.1%) of tech professionals have adopted multifactor authentication, 60.1% have implemented endpoint security, and 49.2% have adopted a zero trust model. Despite 51.3% of companies requiring certifications for hiring, 40.8% of security team members remain uncertified. This gap is pronounced among incident responders (70% uncertified) but less so for CISOs (33.3% uncertified).

Over 80% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually. This emphasis on ongoing training reflects the rapidly changing threat landscape.

Security professionals emphasize the importance of continuous learning, utilizing online courses (88.8%), books (76.6%), and videos (75.2%) to stay updated on best practices and emerging threats. The survey also found that better security awareness training for all employees (40.1%) was identified as the most crucial step in improving an organization’s security posture, outranking additional staffing and better security tools.

Read the report