AI, Cybersecurity, and Regulation: Why Skills Are Now Your Strongest Defence

The AI-driven threat landscape

Artificial Intelligence is no longer an emerging trend; it is the defining force reshaping cybersecurity. For enterprises, the challenge is clear: AI is accelerating both innovation and risk at unprecedented speed.

Cyber threats are becoming more sophisticated, automated, and scalable, and AI is intensifying this shift. In 2025, attackers are increasingly weaponising AI to enhance phishing, social engineering, and vulnerability discovery. AI-driven deception has contributed to a 442% increase in voice phishing attacks, while 79% of breaches now involve identity-based, malware-free techniques. [crowdstrike.com]

At the same time, the business impact continues to grow, with the average global cost of a data breach exceeding $4.4 million. [deepstrike.io]

AI is also compressing attack timelines; what once took weeks can now happen in minutes, forcing organisations to rethink how they detect, respond, and contain threats. 

CompTIA research reinforces this shift. According to the IT Industry Outlook 2026, 40% of organisations say generative AI is directly impacting cybersecurity strategy, while 42% highlight the growing importance of AI-enabled operations. At the same time, many organisations are struggling to keep pace: CompTIA's AI’s Impact on Productivity and the Workforce report says AI skilling strategies remain largely reactive, even as 85% of companies seek validated AI skills through industry-recognised certifications. Together, these trends highlight a critical reality: cybersecurity is no longer just about managing threats, but about building the skills to keep up with an AI-driven risk landscape.

Regulation adds a new layer of complexity

The challenge isn’t only technological, it is regulatory. Across the EU, frameworks such as NIS2, DORA, and the Cyber Resilience Act (CRA) are reshaping cybersecurity expectations.

These regulations expand the scope of organisations required to comply, introduce stricter incident reporting requirements, and enforce accountability at the leadership level. They also demand structured approaches to risk management, resilience, and supply chain security.

For many enterprises, the real difficulty lies in navigating an evolving ecosystem of overlapping requirements, not just complying with one framework, but aligning across several simultaneously.

The skills gap: From foundations to advanced security

In this new reality, cybersecurity is no longer just a technology issue; it is a skills challenge.

AI introduces entirely new attack vectors, such as prompt injection, model exploitation, and autonomous agent risks, while amplifying traditional threats. Organisations must combine advanced capabilities with strong fundamentals in detection, response, and governance.

Crucially, this starts with foundational knowledge. As AI becomes embedded in everyday roles, even non-specialist employees need core understanding of security, AI usage, and risk. Building awareness in areas such as AI Prompting Essentials and AI in job roles, such as marketing, sales, and on the help desk is becoming just as important as developing advanced cybersecurity expertise.

Without this broad-based skills foundation, organisations risk creating gaps that attackers can exploit.

Building cyber resilience through continuous training

This is where continuous training becomes critical.

Structured certification pathways, including CompTIA Security+, CySA+, and PenTest+, build core and analytical cybersecurity capabilities, while SecurityX and SecAI+ extend expertise into advanced and AI-focused domains. These certifications align with frameworks such as NIS2 and DORA, helping organisations develop skills in line with recognised European standards.

At the same time, organisations must not overlook entry-level and cross-functional skills. CompTIA’s Essentials Series, including AI Prompting Essentials and AI in Job Roles, helps build practical, accessible knowledge across the wider workforce, ensuring that AI is used effectively and securely at every level.

Training providers play a vital role in delivering tailored, instructor-led programmes, while flexible self-study tools like CompTIA CertMaster enable continuous upskilling at scale.

In the AI era, organisations that treat training as a strategic, ongoing investment, across both foundational and advanced skills, will be best positioned to strengthen resilience, meet regulatory demands, and stay ahead of evolving threats.

Take the next step towards cyber resilience

As AI continues to reshape the cybersecurity landscape, now is the time to take a more strategic approach to skills, compliance, and resilience.

To learn more about how evolving EU regulations, including NIS2, DORA, and the Cyber Resilience Act, impact your organisation, explore CompTIA in global skills and directives.

If you’re looking to strengthen your security teams, enhance training programmes, or better understand how certifications map to frameworks such as NIS2, DORA, ECSF, and SFIA, connect with the CompTIA team to start building a future-ready cybersecurity workforce.