AI is reshaping the cyber security profession. With 94% of leaders viewing AI as a change driver and 15% of companies reducing hiring due to automation, the workforce landscape is shifting fast. We examine what this means for CNI organisations competing for talent in an AI-augmented world.
← Back to Insights
Artificial intelligence is reshaping the cyber security profession. The World Economic Forum reports that 94% of security leaders view AI as a significant change driver, yet the gap between AI's promise and organisational readiness remains stark. For CNI organisations competing for talent in an AI-augmented world, the implications are profound — and require a strategic response.
This matters because AI is no longer theoretical. It's already reshaping hiring, automation expectations, and the skills CNI organisations need to recruit and retain.
AI presents a paradox for security teams. It offers the potential to automate repetitive tasks, accelerate threat detection, and augment human analysts. But threat actors are already leveraging AI to enhance their attacks — from more convincing phishing campaigns to automated vulnerability discovery.
The NCSC Annual Review 2025 explicitly flagged AI as a force multiplier for adversaries. Threat actors are using AI to enhance existing attack methods rather than develop entirely new ones. For defenders, the window for adopting AI-enhanced security tools is narrowing fast.
Yet adoption among CNI organisations remains slow. The SANS/OPSWAT 2024 ICS/OT survey found that only 10% of organisations are currently using AI in their ICS/OT security operations. While 62% of organisations list AI as a top priority, only 13% consider themselves prepared to address AI-related challenges.
The Reed Technology Salary Guide 2026 describes a broader shift in the UK labour market: a white-collar recession driven by AI adoption. Fifteen percent of companies report reducing hiring due to AI capabilities. Graduate job listings have dropped from 180,000 to 50,000 — a dramatic contraction.
Cyber security is the exception. Alongside AI engineering, cloud computing, and data engineering, cyber security remains in highest demand. This creates a nuanced picture: while AI may reduce headcount in some corporate functions, the need for skilled security professionals — particularly those with sector-specific experience and security clearance — continues to grow.
For CNI organisations, this is both opportunity and risk. AI tools can help lean teams punch above their weight, automating log analysis, threat correlation, and routine compliance tasks. But over-reliance on AI without sufficient human expertise creates blind spots. In OT environments where AI training data is scarce and false positives can be operationally catastrophic, this risk is particularly acute.
Despite AI's potential, the fundamental skills gap in cyber security shows no sign of closing. The SANS/OPSWAT survey found that 51% of organisations lack staff with ICS/OT-specific certifications. Only 56% have a dedicated incident response plan for operational technology environments.
AI cannot solve this gap alone. While AI tools can augment analyst capabilities, they require skilled professionals to configure, monitor, and interpret their outputs. The organisations that will benefit most from AI in security are those that invest in both the technology and the people to operate it.
Invest in AI literacy across your security team. This does not mean every analyst needs to become an AI engineer. But understanding how AI tools work — and their limitations — is becoming a baseline competency for security professionals in 2026.
Use AI to address the volume problem. SOC teams drowning in alerts can benefit enormously from AI-powered triage and correlation. This frees human analysts to focus on complex investigations and strategic decision-making.
Do not use AI as a substitute for hiring. The organisations that cut security headcount in favour of AI tools will find themselves exposed when those tools encounter scenarios outside their training data. In CNI environments, this happens more often than vendors acknowledge.
Build career pathways that integrate AI. Junior analysts who learn to work effectively with AI tools become the senior leaders of tomorrow. Organisations that offer this development opportunity gain a significant advantage in attracting early-career talent.
The AI revolution in cyber security is real. But it is an evolution of the profession rather than a replacement of it. ISC2 research shows that 87% of professionals expect AI to enhance rather than replace their jobs — a view that aligns with what we're seeing in the market.
For CNI organisations, the winning strategy is clear: invest in people and technology together, not one at the expense of the other. The organisations that get this balance right will be the ones that attract the talent that makes resilience possible.
The demand for experienced CISOs in critical national infrastructure far outstrips supply. We examine what's driving the gap, how organisations can compete for scarce talent, and why traditional hiring approaches are failing.
AI spending on network automation will reach $20 billion by 2028. For CNI operators, deploying AI effectively requires professionals who understand both the technology and the operational context of critical infrastructure.
Trusted by security leaders at
"I can't recommend Gyles and the team at Foundations enough. We struggled to find a suitable candidate for 5 months, Foundations found 3 perfect candidates in 24 hours."
Manager of EMEA & APAC Network Engineering, Equinix
