Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released by CompTIA, the nonprofit association for the technology industry and workforce.
CompTIA’s “State of Cybersecurity 2025” report reveals that cybersecurity is a primary or secondary priority for 94% of organizations in the United Kingdom and Ireland. Yet challenges such as cybersecurity skill gaps, lack of budget and prioritization of other technology initiatives indicate that internal processes need to match the priority statement. Nearly 1,200 business and IT professionals across six global regions were surveyed.
“Something is missing, either in the approach organizations are taking or in their expectations around what ideal cybersecurity would look like,” said Seth Robinson, vice president, industry research, CompTIA.
Cybersecurity’s unique status as a business imperative at all organizational levels – staff, management, executives and governing bodies – may be the reason of the disconnect.
“Gone are the days when achieving cybersecurity improvement was a simple matter of purchasing updated technology,” Robinson explained. “Businesses must have ongoing discussions around their cybersecurity technology stack, processes that ensure protection of assets and an organizational structure that provides cutting-edge expertise.”
The report identifies a growing need to build multiple layers of cybersecurity expertise. UK and Irish companies identify automation and artificial intelligence, knowledge of the threat landscape, understanding of regulatory considerations, data security and infrastructure security as areas in need of more robust skills. In some instances, companies view new hiring as an option to narrow these gaps, in others, training for their current cybersecurity workforce. Hiring and training require a financial commitment, though, and that remains a challenge for some. While 42% of UK an Irish respondents say cybersecurity budgets are increasing, 44% are dealing with flat or decreasing budgets.
“Developing skills is the most significant action companies may take in improving efficiency, but there are other options as well,” Robinson noted. “Increasing visibility and awareness among senior executives, establishing organizational imperatives and metrics and building policies that drive employee behavior will create a culture of cybersecurity.”
