What are Average Cybersecurity Salaries in 2025?

Consumption of security and infrastructure courses showed the most significant gains last year, with cybersecurity certifications increasing by more than 100% since 2022, according to our Lean Into Learning Report.
And, with good reason.
According to a report by SonicWall, there were over 6 billion malware attacks worldwide in 2023. And, from March to May of 2024, instances of malware increased by 30%, and encrypted threats increased by 92%, indicating that malware attacks are growing more sophisticated. For example, in March 2024, hackers released onto the dark web the sensitive personal data of 7.6 million current customers and 65.4 million former customers of AT&T.
The fact is that 2024 has ushered in new cyber threats that require organizations to outsmart threat actors. While AI has seemingly unlimited potential for good, it also represents a potential weapon in the hands of cybercriminals. AI-powered malware, spear-phishing emails that seem eerily personal, and deepfake scams are just some of the emerging threats this technology has enabled.
The impact of these threats can be catastrophic, ranging from financial losses to extreme reputational damage. AT&T, for instance, is facing multiple class-action lawsuits. The average cost of a data breach in the United States has risen to over $9 million, by some estimates, and businesses that fail to adequately protect their data may face regulatory penalties as well.
That's why cybersecurity isn’t just an IT issue. Everyone must be knowledgeable about these threats and how to help prevent them.
For learning and development (L&D) professionals, the challenge is clear: cybersecurity training must evolve to address these new threats, and quickly.
How do you ensure that your team — and your organization — are prepared?
The complexity of cybersecurity threats is escalating with the integration of advanced technologies like AI, requiring organizations to enhance their security strategies and training programs. Access our latest Cybersecurity Awareness Report to learn more.
As cybercriminals continuously refine their tactics, businesses must proactively cultivate a culture of security, supported by a strategic approach to policy, training, prevention, and response.
Nobody is safe from cybercrime. Every second counts, and the better we're all trained, the better we can stave off threats.
At the core of every organization’s defense against cyber threats is a well-trained workforce. One that understands that today's cybercriminals must be met with a deep understanding of the technology powering the attacks, along with the skills and knowledge to help stop them.
And that starts with continuous education.
Cybercriminals are always searching for new vulnerabilities, and without regular training updates, employees may not be equipped to handle the latest threats. For instance, while many employees may now recognize a generic phishing email, advanced AI-powered "spear-phishing" techniques targeting specific individuals or departments require everyone to be extra vigilant.
Of course, each team member interacts with technology differently and faces unique threats based on their responsibilities. For instance, while IT personnel may require in-depth technical training on threat detection and response, frontline employees might benefit from practical workshops on recognizing phishing attempts and safeguarding sensitive information. By tailoring the content to specific roles, you not only enhance relevance but also empower employees to take ownership of their own security practices.
For organizations, the benefits of tailored cybersecurity training are undeniable:
For employees, cybersecurity training can enhance career prospects as more industries demand employees with strong security awareness. In sectors such as finance, healthcare, and government, understanding cybersecurity practices is becoming a baseline requirement.
How do you design a strategic cybersecurity training program?
Effective cybersecurity training programs should cover a range of essential topics to ensure employees are prepared to face diverse threats. Key areas of focus can include:
Training employees to identify phishing emails, texts, and social engineering tactics is crucial, as these are often the entry points for larger attacks.
Strong password policies and multi-factor authentication (MFA) seem basic, but they are critical measures in preventing unauthorized access.
Employees need to know how to report suspicious activity and understand the organization’s incident response protocol.
With hybrid and remote work models here to stay, training on secure remote access and use of VPNs is essential.
Employees must understand data protection laws relevant to their industry, such as HIPAA, and the importance of safeguarding sensitive information.
Just as importantly, these programs need to be updated regularly. Continuous learning — in the form of periodic refreshers, simulated phishing exercises, and micro-learning modules — can help ensure that employees remain engaged, empowered, and informed. Since time constraints and workload can inhibit employee adoption, offer self-paced learning and a variety of resources and training modalities to meet them where they are.
As an L&D leader, you're responsible for securing and developing cybersecurity training — and that means you’re on the front lines of safeguarding your organization’s future. How do you get both the C-Suite and your employees on board?
Here are a few strategies to help get you started:
Here's how one of our customers is growing their own culture of security:
T-Mobile's customers trust them to keep their information secure, and that’s a responsibility they take seriously. They're committed to maintaining the highest standards of cybersecurity and continue to invest in and enhance their measures to safeguard technologies, processes, systems, and teams.
At T-Mobile, cybersecurity training is delivered to people across the enterprise, including HR, finance, customer service, retail, and IT. But the training across these departments is adapted to a professional's respective role because how they experience security risks often looks different.
"If you want to affect lasting change, people need to see themselves in the training, not just hooded attackers," says Adam Gwaltney, T-Mobile's Cybersecurity Training Manager. "Messaging and content must be diverse and inclusive. What training looks like for someone on the technology side is going to look vastly different than training for someone people-facing like HR, which is why having a content library that is relevant to a wide audience, like Skillsoft's, is important.”
T-Mobile recently achieved International Organization for Standardization (ISO) 27001 certification, one of the most well-known cybersecurity certifications in the world. And they recently secured an A rating from ImmuniWeb along with a 780/900 score from Bitsight.
In 2024, cybersecurity training is a critical line of defense for your organization. As an L&D leader, you are the driving force behind this transformation, empowering your teams with the skills and knowledge they need today.
Skillsoft’s cybersecurity training provides a comprehensive, outcome-oriented curriculum that's designed to provide your employees with a multi-faceted, blended learning experience.
To learn more, reach out to schedule a demo today.