Security Teams Face Time Constraints for New Threat Training

Key Takeaways

• Training budgets are growing: About 73 % of cybersecurity leaders report increased spending on staff development over the past year.
• AI tops the skill agenda: Nearly half (47 %) say artificial‑intelligence expertise is the most pressing competency they are addressing or plan to address.
• Time remains the biggest obstacle: While 98 % of organizations allow training during work hours, 53 % of leaders say employees still struggle to find time to participate.
• Additional barriers persist: Keeping content current (45 %), finding qualified trainers (39 %), low employee willingness (37 %), and insufficient leadership support (32 %) also hinder upskilling efforts.
• Budget gaps linger: Almost a third (29 %) lack sufficient funds to provide up‑to‑date training despite overall increases.
• Existing programs are deemed effective: Most leaders rate their security‑training initiatives as very or extremely effective in improving key processes.
• Continuous, protected learning is essential: The report stresses that training must be an ongoing activity with dedicated time, adjusted workloads, and managerial support to keep pace with evolving threats.

Training Budgets on the Rise
The ISC2 study reveals that a substantial majority of cybersecurity leaders—73 %—have seen their organization’s security‑training budget increase over the last twelve months. This uptick reflects a reactive stance as businesses confront the rapid emergence of new technologies and the associated cyber‑risk landscape. Leaders attribute the growth to heightened awareness that skilled personnel are a critical line of defense. The increased financial commitment signals that organizations recognize the need to invest in their people, even if translating those funds into effective learning experiences remains a challenge.

AI as the Top Skill Priority
When asked which emerging skill set is most urgent, almost half of respondents (47 %) identified artificial‑intelligence expertise as the primary focus for current or planned training initiatives. The rise of AI‑driven tools, both defensive and offensive, has created a knowledge gap that security teams are eager to close. This emphasis on AI underscores a broader trend where technological advancements dictate the direction of upskilling efforts, pushing teams to familiarize themselves with machine‑learning models, automated threat‑hunting platforms, and the ethical implications of AI in security operations.

Barriers Despite Resources
Although financial resources are expanding, the study highlights several persistent obstacles that prevent cybersecurity staff from actually engaging in training. A striking 98 % of leaders confirm that their organizations permit training during regular work hours, yet more than half (53 %) report that employees still encounter difficulties allocating time for learning. This disconnect between policy and practice points to deeper operational pressures that undermine even well‑funded development programs.

Time Constraints as the Core Issue
The most frequently cited barrier is the lack of available time amidst day‑to‑day responsibilities. Security professionals often juggle incident response, vulnerability management, and compliance tasks, leaving little room for structured learning sessions. Leaders note that even when training is officially sanctioned, the relentless flow of alerts and operational demands makes it unrealistic for staff to step away from their core duties. Consequently, the intended benefit of increased training budgets is diluted by the reality of overstretched teams.

Additional Challenges in Training Delivery
Beyond time, other factors impede effective upskilling. Forty‑five percent of respondents struggle to keep training content current and relevant, a problem exacerbated by the fast‑paced evolution of cyber threats. Finding qualified trainers proves difficult for 39 % of organizations, while 37 % report low employee willingness to participate, possibly due to perceived irrelevance or fatigue. Leadership or stakeholder support is lacking in 32 % of cases, which can diminish motivation and reduce the perceived value of training initiatives.

Effectiveness of Existing Programs
Despite these hurdles, the majority of security leaders evaluate their training programs positively. Most describe their initiatives as “very” or “extremely” effective in improving key security processes over the past year. This suggests that, when training does occur, it yields tangible benefits such as faster incident detection, improved response times, and better alignment with regulatory requirements. The perceived effectiveness reinforces the argument that overcoming the barriers to participation could amplify these gains even further.

Need for Continuous, Structured Learning
The report emphasizes that cybersecurity training must be viewed as an ongoing, iterative process rather than a one‑off event. As technology and threat tactics evolve, security teams require regular refreshers and advanced modules to stay prepared. ISC2 recommends that organizations explicitly carve out protected time for learning, adjust workloads to accommodate training, and equip managers with the guidance and resources necessary to prioritize skill development. Embedding training into the workflow—supported by leadership—creates an environment where continuous improvement becomes the norm rather than the exception.

Recommendations for Organizations
To translate budget increases into real skill growth, leaders should:

1. Schedule dedicated learning blocks (e.g., weekly “no‑meeting” hours) and treat them as non‑negotiable commitments.
2. Align training content with current threats by leveraging threat‑intelligence feeds and updating curricula quarterly.
3. Invest in internal train‑the‑trainer programs or partner with accredited providers to alleviate trainer shortages.
4. Gather employee feedback to tailor topics that address perceived skill gaps and boost engagement.
5. Secure visible leadership endorsement, such as executives participating in training sessions or publicly championing upskilling efforts.
6. Measure outcomes through metrics like mean‑time‑to‑detect, certification rates, and post‑training assessment scores to demonstrate ROI.

Implementing these steps can help organizations overcome the time‑related and logistical barriers highlighted in the study, ensuring that increased investment translates into a more resilient cybersecurity workforce.

Study Scope and Methodology
The findings are based on a survey of 995 cybersecurity leaders from large enterprises (5,000 + employees) spanning Canada, Germany, India, Japan, the United Kingdom, and the United States. Respondents represented a mix of industries and were asked to reflect on their organization’s training practices, budget trends, perceived skill priorities, and encountered challenges over the previous year. The broad geographic and sectoral coverage lends the results a representative view of how global enterprises are navigating the tension between growing training needs and the practical realities of securing their teams against emerging threats.