AI is revolutionizing cybersecurity. How should we train the next generation of defenders?

In today’s world, organizations are living in a new cybersecurity “normal”. Breaches are no longer a matter of if, but when. Most organizations now operate under the assumption that cyber incidents are inevitable and this mindset is reshaping how security teams, C-suites and boards of directors think, act and prioritize.

In the age of AI-powered threats, the challenge has grown even more complex. According to the latest Fortinet 2025 Cybersecurity Skills Gap report, 49% of cybersecurity leaders are concerned that AI will increase the volume and sophistication of cyberattacks. Artificial intelligence has become both an indispensable tool and a new vector of risk, expanding the scale, sophistication and speed of potential attacks in ways that demand new kinds of expertise and strategic thinking.

As AI accelerates both offensive and defensive capabilities, the need for skilled human professionals has never been greater. Yet the industry faces a deep and persistent shortage of qualified talent. Current estimates place the global shortfall between 2.8 and 4.8 million cybersecurity professionals. This widening gap means that while technology continues to advance at unprecedented speed, conversely the people needed to defend against modern threats are in short supply. Skilled defenders have become the most valuable resource in cybersecurity – and yet they remain scarce.

In response to this evolving environment, organizations are increasingly turning to AI to strengthen their defenses and improve operational resilience, leveraging AI to automate threat defense, speed up response, reduce risk and bridge skills gaps. Research shows that 97% of organizations are either already using or planning to implement AI-enabled cybersecurity solutions. Organizations that extensively use AI in security saw a $1.9M average reduction in cost per breach, underscoring the tangible financial and operational benefits of AI-driven security strategies.

Adoption is especially strong across Asia-Pacific and North America, where AI-powered security tools are increasingly becoming integral to day-to-day cybersecurity operations. The leading areas of application include threat detection and prevention, followed by security automation and threat intelligence.

In essence, AI is transforming how security operations function. It detects abnormal patterns, correlates massive volumes of alerts and automates repetitive tasks, freeing analysts to focus on strategic priorities and faster incident response. In fact, a 2025 study shows that 88% of security teams report significant time savings through AI. With machine learning and large language models embedded in security operations centres, organizations can anticipate emerging threats, streamline investigations and respond with greater speed and precision. This helps create a more proactive, agile and resilient security posture across cloud security, security operations and management, email security, and identity and access management.

Encouragingly, 87% of cybersecurity professionals expect AI to enhance key aspects of their roles, while only 2% believe it will replace them entirely. Still, this transformation is not without friction. The technology’s power is only as strong as the people behind it.

Nearly 48% of IT decision-makers identify a lack of staff with sufficient AI expertise as the biggest barrier to adoption. While organizations recognize AI’s potential, many struggle to find professionals with the technical knowledge needed to deploy, manage and govern these systems effectively.

But technical expertise alone is not enough. Cybersecurity and AI-powered operations more broadly, also depends on human judgement, interpretation and guidance. Soft skills such as analytical and creative thinking, communication, collaboration, and agility will be just as critical in the AI era for managing risk effectively and maintaining resilient security operations. According to the Future of Jobs 2025 report, demand for these skills is projected to rise significantly, with continued growth expected through 2030.

Closing the cyber skills gap therefore requires a coordinated, long-term strategy that extends beyond technology. The World Economic Forum’s Strategic Cybersecurity Talent Framework provides guidance on how to attract, educate, recruit and retain talent, helping organizations build a sustainable cybersecurity workforce.

By acting on these areas, organizations can not only broaden access but also create clear pathways for career growth, nurture diverse talent and ensure a steady pipeline of skilled professionals equipped to meet the evolving demands of cybersecurity. The World Economic Forum’s work on Public-Private Partnerships for Cyber Workforce Development reinforces that scalable, cross-sector collaboration is essential to align incentives, standardize training and drive innovation where human talent and technology intersect.

Aiming to close the cyber skills gap with a strategy based on three pillars – increased awareness and education, targeted training and certification, and the implementation of advanced security technologies – will help organizations to build and sustain a skilled cybersecurity workforce.

Organizations that invest equally in advanced tools and skilled people will be best positioned to withstand the next wave of threats. Ultimately, the future of cybersecurity will belong to those who can harness the strengths of both AI and human intelligence.