Report offers insight into how Fortune 100 enterprises can improve their hiring and retention strategies to improve cybersecurity resilience
Press releases · Brooke McClary
Herndon, VA, July 15, 2025 – Expel, the leading managed detection and response (MDR) provider, unveiled new research today that challenges the long-held belief of a cybersecurity “talent gap,” revealing instead a significant “strategy gap” in how enterprises approach hiring and retention. The inaugural 2025 Enterprise Cybersecurity Talent Index, released today, highlights critical misalignments between enterprise hiring practices and candidate expectations, inadvertently hindering organizations’ ability to attract top security professionals.
The report, based on an analysis of over 5,000 active security and security-adjacent job postings from Fortune 100 companies between March 6 and March 9, 2025, uncovers several key issues contributing to this perceived shortage:
- Job role naming confusion: Enterprises have major differences in job titles despite having the same responsibilities, which leads to clear discrepancies in compensation packages..
- The remote work paradox: Only 8% of enterprise cybersecurity roles offer remote work, yet 43% of remote roles in the study attracted over 100 applicants, indicating a clear disconnect.
- Lagging pay and perks: Cybersecurity positions, on average, offer less competitive compensation and fewer benefits like equity packages compared to related and adjacent fields.
- AI isn’t a senior-level priority: While half of all job descriptions reference AI, no director-level or higher positions require AI knowledge or experience, revealing a strategic blind spot at the top.
“We often hear about the cybersecurity talent or skills gap as a defining challenge in this industry, but our research suggests a different story,” said Jason Rebholz, co-founder and CEO of Evoke Security and advisory CISO for Expel. “Enterprises are inadvertently alienating and confusing candidates, pushing highly talented professionals toward other fields. If top applicants can find opportunities that truly align with their expectations, we can dispel the long-standing ‘talent shortage’ narrative. This report does more than just shine a light on hiring and retention challenges—it provides a roadmap for improving their strategies going forward.”
The Enterprise Cybersecurity Talent Index serves as a strategic guide for organizations to adapt their hiring strategies, differentiate themselves, and attract the high-caliber talent desperately needed to enhance security resilience.
Learn more by downloading the 2025 Enterprise Cybersecurity Talent Index (no registration required).
About Expel
Expel is the leading managed detection and response (MDR) provider trusted by some of the world’s most recognizable brands to expel their adversaries, minimize risk, and build security resilience. Expel’s 24/7/365 coverage spans the widest breadth of attack surfaces, including cloud, with 100% transparency. We combine world-class security practitioners and our AI-driven platform, Expel Workbench™, to ingest billions of events monthly and still achieve a 17-minute critical alert MTTR. Expel augments existing programs to help customers maximize their security investments and focus on building trust—with their customers, partners, and employees. For more information, visit our website, check out our blog, or follow us on LinkedIn.
Contact:
Dave Heffernan
expel@methodcommunications.com
Method Communications on behalf of Expel
Jimmy Alder
expel@harvard.co.uk
Harvard on behalf of Expel
