Widespread gaps across healthcare, finance and MSSP sectors underscore the urgent need for capability-based upskilling

Hack The Box (HTB), a global leader in gamified cybersecurity upskilling software solutions, today released three sector-specific assessments for healthcare, finance and Managed Security Service Providers (MSSPs). The findings convey a compelling message: cybersecurity readiness can no longer be measured solely by compliance; technical capability is now the definitive benchmark for resilience. The reports reveal that while organizations may excel at visibility and detection, they lack the technical depth to prevent, contain or recover from modern cyberattacks effectively.

The reports analyze performance data from over 4,500 cybersecurity professionals across 795 security teams worldwide, encompassing 40 practical challenges. The data shows persistent skills gaps that undermine organizations and specialized providers, leaving critical systems vulnerable, even in sectors subject to high regulatory scrutiny. For example, the MSSP report highlights that while service providers scale monitoring and incident response effectively, they struggle with prevention and adversary emulation, capabilities critical for protecting client environments against advanced threat actors.

“Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone,” said Haris Pylarinos, CEO and founder of Hack The Box. “What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them.”

Key Takeaways

Healthcare Sector Report

• Strong OSINT and detection capabilities, but prevention remains weak.
• AI readiness is promising but lacks secure deployment practices.
• Persistence and lateral movement are high-risk exposure points post-breach.

Finance Sector Report

• Financial institutions excel in threat visibility yet lack the depth to neutralize threats effectively.
• Emerging vulnerabilities around blockchain and smart contract environments.
• SOC teams require enhanced oversight of detection progress and response metrics.

MSSP Sector Report

• The breadth of monitoring is strong, but the depth in offensive security and threat emulation is lacking.
• AI is a force multiplier, but secure coding remains a blind spot.
• MSSPs are proficient generalists yet struggle with domain-specific expertise.

The Cyber Skills Benchmark 2025 Report provides organizations with a clear, data-driven foundation for understanding how technical capability shapes cyber resilience. By highlighting real-world performance across sectors, these reports provide clarity on where skills are strong, where gaps remain and where strategic investment is most needed to meet evolving security demands.

About Hack The Box

Hack The Box is the leading cybersecurity readiness and upskilling software platform, trusted by Fortune 500 enterprises, government organizations, and MSSPs to build cyber resilience at scale. Through AI-enhanced intelligence, gamified labs, live-fire simulations, and the power of one of the world’s largest cybersecurity communities, Hack The Box helps teams master offensive and defensive skills in the age of AI through real-world scenarios. Founded in 2017, Hack The Box has grown its global community of over 4 million members and 1,500 enterprises, helping organizations validate resilience, mitigate breach risk, and develop cyber talent. For more information, visit hackthebox.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251014599368/en/

“Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone. What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them.”