Cybersecurity's AI Paradox: Why New Tech Is Burning Out Human Experts

BRITTON, SD – June 16, 2026 – A fundamental paradox is emerging at the heart of corporate cybersecurity. As organizations aggressively pour capital into Artificial Intelligence—with 83% now using or planning to adopt AI-powered security tools—the human professionals on the front lines are not finding relief. Instead, they are burning out, feeling marginalized, and considering an exit.

A new landmark study, the eighth volume of the “Life and Times of Cybersecurity Professionals” by the Information Systems Security Association (ISSA) and research firm Omdia, lays bare this alarming disconnect. The report, the longest-running annual study of its kind, reveals that even as AI adoption accelerates, 68% of cybersecurity professionals say their job has grown harder over the past two years. This operational friction is creating a workforce crisis that technology alone cannot solve, threatening the very security posture these investments are meant to strengthen.

The Disconnect Between Tools and Teams

On the surface, the industry's embrace of AI appears logical. Attackers are leveraging AI to scale their operations, and organizations are fighting fire with fire. The study shows companies are deploying AI primarily to automate scanning and testing (50%), conduct predictive risk analysis (48%), and improve threat detection (38%). The goal is to create a more efficient, proactive defense.

However, the operational reality is far more complex. The data reveals a critical flaw in execution: a quarter of all organizations have increased their AI spending without a defined strategy that connects the technology to their people or broader security program. This suggests many leaders view AI as a silver-bullet procurement, a tool to be installed rather than an operational capability to be integrated.

This gap between procurement and integration is where the burden on human experts intensifies. Instead of reducing workload, these sophisticated systems often shift it. Professionals now find themselves managing complex AI platforms, validating an overwhelming firehose of alerts, troubleshooting opaque algorithms, and handling the highly nuanced threats that AI inevitably misses. One recent Omdia analysis found that while automation is key, 60% of organizations expect their security analysts to transition from executing tasks to supervising autonomous workflows. This supervisory role requires a different, often more demanding, set of skills in AI oversight and critical thinking.

“AI will not close the cybersecurity skills gap on its own,” warned Melinda Marks, Practice Director at Omdia and the study's lead researcher. The data shows that without a strategy for human-machine teaming, organizations are simply trading one set of problems for another, leaving their most valuable assets—their people—to manage the fallout.

An Investment Gap, Not a Skills Gap

The prevailing narrative has long been that a persistent “skills gap” is the industry’s biggest challenge. This new research forcefully reframes the problem. The issue is not a lack of available talent, but a systemic failure to support and develop the talent already in place.

“Eight years of data point to the same conclusion,” said Jimmy Sanders, President of ISSA. “The profession is struggling not because talent is scarce, but because organizations are not investing enough in the people they already have. That is the leadership opportunity in front of us right now.”

The numbers supporting this verdict are stark. Close to half of all cybersecurity professionals surveyed have thought about leaving their role in the last 18 months. Of that group, a staggering 57% have considered leaving the cybersecurity field entirely. This looming exodus is not primarily about salary. When asked to name the top driver of job satisfaction, respondents cited leadership commitment (39%) above compensation (35%) and technology investment.

A deep-seated feeling of exclusion is fueling this dissatisfaction. An astonishing 71% of security professionals report that technology decisions are made without their team at the table. This operational blind spot means organizations are frequently acquiring tools that aren't fit for purpose, creating security debt, and sending a clear message to their security teams that their expertise is not valued in strategic decision-making.

The Eroding Influence of Security Leadership

The marginalization of security teams appears to extend to their leadership. The study uncovered a concerning decline in the prevalence of dedicated Chief Information Security Officers (CISOs), with CISO appointments falling from 76% to 63% in just one year. This trend suggests that in some organizations, senior-level accountability for security may be weakening or becoming a distributed, part-time responsibility—a dangerous direction in the current threat environment.

This erosion of leadership influence is the strategic root of the tactical problems faced by security teams. When a CISO lacks a strong voice in the C-suite and security teams are excluded from key technology discussions, security inevitably becomes a reactive function. Teams are left scrambling to bolt on protections to systems and applications they had no role in selecting or designing, a fundamentally inefficient and ineffective posture.

This dynamic directly contradicts the growing demand from boards and regulators for robust cybersecurity governance. While corporate leaders are under more pressure than ever to manage cyber risk, that pressure is not consistently translating into the empowerment of their internal security leaders. The result is a cycle of frustration, burnout, and escalating risk.

A Blueprint for Rebuilding the Human Firewall

Reversing these trends does not require abandoning technology but rather rebalancing priorities to focus on the human element. As Omdia’s Melinda Marks stated, “Organizations getting the most from their security programs need to invest in their people first. Training, inclusion, and clear career paths are not soft benefits. They are what makes everything else work.”

This means moving beyond lip service to create an environment where security professionals can thrive. It starts with giving them a meaningful role in technology strategy, ensuring their expertise informs decisions from the outset. It also requires a serious commitment to professional development, with clear career paths and mentorship opportunities—a step that 54% of respondents cited as highly valuable for anyone entering the field.

Ultimately, technology is only as effective as the people and processes that surround it. The most resilient organizations will be those that recognize their human experts are their most critical security asset and invest accordingly.

“What sustains people in this profession long-term is not any one technology or program,” noted Dr. Shawn Murray, Immediate Past President of ISSA. “It is connection. Access to peers who understand the work, mentors who have navigated the same challenges, and a community where your development is taken seriously. That is what professional associations exist to provide, and it is something no AI tool replaces.”