The gap between security skills and business goals in the FSBI industry
Learn how the financial services industry approaches security skills, training, and budgets in this original data from 130 IT and security leaders.
Oct 10, 2025 • 4 Minute Read

Cybersecurity threats and vulnerabilities are the number one reason financial services organizations invest in upskilling and reskilling.
But there’s a gap between security skills, training, and business goals. In fact, only 21% of leaders say their team’s cybersecurity and threat management skills meet their organization’s objectives extremely well.
We surveyed 130 IT and security leaders in the financial services industry to learn more about the current state of security skills in their organizations and what they should focus on in the coming years.
Security skills and training aren’t aligned with organizational goals
Nearly half (46%) of financial services leaders say their organization’s current cybersecurity skills are mature. In other words, they have well-established practices and regularly update them. Another 21% say their organization is advanced. They have a proactive security posture and continuously improve it.
Despite this confidence, only 21% of leaders say their workforce’s cybersecurity and threat management skills meet their organization’s objectives extremely well.
Training also isn’t fully aligned. Only 16% of leaders say their security training directly supports business objectives.
Leaders may be confident in their team’s security skills, but a disconnect between skills, training, and organizational goals will lead to issues down the line. This can impact your team’s ability to defend against threats, comply with regulations, and develop new products and services.
If you can’t show the business impact, it can also make it harder to get executive buy-in for security training, tools, and initiatives.
“For the banking industry, it’s important to have the skills aligned with the projects to see the benefit and value of it in terms of dollar value,” said one respondent.
Learn how FinTech leader FIS aligned their learning strategy with business objectives, reducing the percentage of novice-level employees from 47% to 13%.
Build upskilling programs with SOC 2, GDPR, and other regulations in mind
In addition to business goals, upskilling programs should take into account cybersecurity regulations, standards, and certifications. Leaders in financial services organizations say these are the most relevant ones for their business:
- SOC 2 (Service Organization Control 2)
- GDPR (General Data Protection Regulation)
- PCI-DSS (Payment Card Industry Data Security Standard)
- ISO 27001/27002
When developing upskilling programs, align with relevant frameworks and ensure teams know what they need to stay compliant.
Training and certifications: The #1 way security teams stay current with evolving threats
Between new threats and vulnerabilities, changing regulations, and AI increasing attack scale, keeping up with the ever-changing security landscape isn’t easy.
Security teams in financial services organizations primarily rely on regular training and certifications to stay on top of evolving threats and regulations. They also use industry conferences and events, hands-on labs and simulation environments, and vendor-provided training.
The key here is regular training—one-off workshops or courses aren’t enough to keep up with the pace of change. Instead, you need to build a culture of learning and provide ongoing access to learning resources, preferably with hands-on training and certification prep. Then supplement this with opportunities to attend conferences like RSA or local security events.
As one respondent wrote, “Training technology associates is the only way to stay on top of a rapidly changing environment.”
The majority of security training budget goes towards online learning platforms
Leaders at financial services organizations say the majority of their training budget for cybersecurity and cloud goes to online learning platforms (57%), certification programs and exams (47%), and internal training development (43%).
But some leaders say they need deeper clarity. “We lack a formal process and transparent budget for training. This not only affects our employees' skills, but also job satisfaction and retention,” said one respondent.
Upskilling doesn’t only require a dedicated budget—it also requires transparency to ensure training investments meet business goals and learner needs.
Half of leaders assess budgets annually
Reevaluating your training budget for security skills regularly is also key. Nearly half (45%) of leaders say they reassess their budget and resource allocation for technology skills training annually. But this isn’t frequent enough for an industry at the forefront of so much change.
A lot can happen in a year. Reassessing budgets on an annual basis increases the risk of widening skills gaps and lagging behind more adaptable competitors.
Financial services organizations should reevaluate their skill development budgets at least once per quarter. This ensures your organization can react to changes in the market and develop skills for emerging technologies.
Building an integrated security culture in financial services
As financial services organizations look to strengthen their security stance, it’s worth noting that skills are only one part of the picture. Organizations need a culture of security that permeates every aspect of the business.
As one respondent said, “Many organizations struggle to integrate cybersecurity as a core cultural element. Without this integration, employees may not feel a sense of responsibility toward cybersecurity, negatively affecting overall security posture. Companies need to foster an environment where cybersecurity awareness is a shared responsibility across all levels of staff.”