Widespread gaps across healthcare, finance and MSSP sectors underscore the urgent need for capability-based upskilling
Hack The Box (HTB), a global leader in gamified cybersecurity upskilling software solutions, released three sector-specific assessments for healthcare, finance and Managed Security Service Providers (MSSPs). The findings convey a compelling message: cybersecurity readiness can no longer be measured solely by compliance; technical capability is now the definitive benchmark for resilience. The reports reveal that while organizations may excel at visibility and detection, they lack the technical depth to prevent, contain or recover from modern cyberattacks effectively.
“Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone. What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them.”
The reports analyze performance data from over 4,500 cybersecurity professionals across 795 security teams worldwide, encompassing 40 practical challenges. The data shows persistent skills gaps that undermine organizations and specialized providers, leaving critical systems vulnerable, even in sectors subject to high regulatory scrutiny. For example, the MSSP report highlights that while service providers scale monitoring and incident response effectively, they struggle with prevention and adversary emulation, capabilities critical for protecting client environments against advanced threat actors.
“Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone,” said Haris Pylarinos, CEO and founder of Hack The Box. “What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them.”
Key Takeaways
Healthcare Sector Report
- Strong OSINT and detection capabilities, but prevention remains weak.
- AI readiness is promising but lacks secure deployment practices.
- Persistence and lateral movement are high-risk exposure points post-breach.
Finance Sector Report
- Financial institutions excel in threat visibility yet lack the depth to neutralize threats effectively.
- Emerging vulnerabilities around blockchain and smart contract environments.
- SOC teams require enhanced oversight of detection progress and response metrics.
MSSP Sector Report
- The breadth of monitoring is strong, but the depth in offensive security and threat emulation is lacking.
- AI is a force multiplier, but secure coding remains a blind spot.
- MSSPs are proficient generalists yet struggle with domain-specific expertise.
The Cyber Skills Benchmark 2025 Report provides organizations with a clear, data-driven foundation for understanding how technical capability shapes cyber resilience. By highlighting real-world performance across sectors, these reports provide clarity on where skills are strong, where gaps remain and where strategic investment is most needed to meet evolving security demands.
Catch more CIO Insights: The CIO as AI Ethics Architect: Building Trust In The Algorithmic Enterprise
[To share your insights with us, please write to psen@itechseries.com ]
