Expel research finds “strategy gap” in enterprise cyber hiring—not a talent shortage

    July 15, 2025
    Companies are severely misaligned on AI priorities, market conditions, and candidate expectations.
    Related To:
    68769c5c7363da6145e7143a Dialogueexecutives

    Expel unveiled new research today that challenges the long-held belief of a cybersecurity “talent gap,” revealing instead a significant “strategy gap” in how enterprises approach hiring and retention.

    The inaugural 2025 Enterprise Cybersecurity Talent Index, released today, highlights critical misalignments between enterprise hiring practices and candidate expectations, inadvertently hindering organizations’ ability to attract top security professionals.

    The report, based on an analysis of over 5,000 active security and security-adjacent job postings from Fortune 100 companies between March 6 and March 9, 2025, uncovers several key issues contributing to this perceived shortage:

    • Job role naming confusion: Enterprises have major differences in job titles despite having the same responsibilities, which leads to clear discrepancies in compensation packages.

    • The remote work paradox: Only 8% of enterprise cybersecurity roles offer remote work, yet 43% of remote roles in the study attracted over 100 applicants, indicating a clear disconnect. 

    • Lagging pay and perks: Cybersecurity positions, on average, offer less competitive compensation and fewer benefits like equity packages compared to related and adjacent fields. 

    • AI isn’t a senior-level priority: While half of all job descriptions reference AI, no director-level or higher positions require AI knowledge or experience, revealing a strategic blind spot at the top. 

    “We often hear about the cybersecurity talent or skills gap as a defining challenge in this industry, but our research suggests a different story,” said Jason Rebholz, co-founder and CEO of Evoke Security and advisory CISO for Expel. “Enterprises are inadvertently alienating and confusing candidates, pushing highly talented professionals toward other fields. If top applicants can find opportunities that truly align with their expectations, we can dispel the long-standing ‘talent shortage’ narrative. This report does more than just shine a light on hiring and retention challenges—it provides a roadmap for improving their strategies going forward.” 

    The Enterprise Cybersecurity Talent Index serves as a strategic guide for organizations to adapt their hiring strategies, differentiate themselves, and attract the high-caliber talent desperately needed to enhance security resilience.

    Learn more by downloading the 2025 Enterprise Cybersecurity Talent Index (no registration required).

    Expel expands MDR service to offer proactive defense for email threats