Fortinet annual skills gap report reveals growing connection between cybersecurity breaches and skills shortages
Nearly 90 per cent of organisations experienced a breach in the last year that they can partially attribute to a lack of cyber skills, and 70 per cent attribute increased cyber risks to the skills gap
Posted: Thursday, Jun 27
  • KBI.Media
  • $
  • Fortinet annual skills gap report reveals growing connection between cybersecurity breaches and skills shortages
Fortinet annual skills gap report reveals growing connection between cybersecurity breaches and skills shortages

John Maddison, chief marketing officer, Fortinet, said, โ€œThe results from our latest Global Cybersecurity Skills Gap Report highlight the critical need for a collaborative, multi-faceted approach to closing the skills gap. To effectively mitigate risk and combat todayโ€™s complex threats, organisations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce. As part of Fortinetโ€™s dedication to closing the skills gap through this three-pronged approach, we pledged to train one million people in cyber by 2026. As we near the halfway mark of this five-year commitment, we are close to having trained half a million individuals to date.โ€ย 

News Summary

Fortinetยฎ (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, has released its 2024 Global Cybersecurity Skills Gap Report, which highlights ongoing challenges related to the cybersecurity skills shortage impacting organisations around the globe. Key findings from the report include:ย 

  • Organisations are increasingly attributing breaches to the cyber skills gap.ย 
  • Breaches continue to have significant repercussions for businesses, and executive leaders are often penalised when they happen.ย 
  • Certifications continue to be highly regarded by employers as a validator of current cybersecurity skills and knowledge.ย 
  • Numerous opportunities remain for hiring from diverse talent pools to help address the skills shortage.ย 

Key findings from respondents based in Australia and New Zealand include:ย 

  • Corporate leaders are being held accountable. Almost two-thirds (64 per cent) of respondents said their directors or executives have faced fines, jail time, or loss of employment or position following a cyberattack. To improve cybersecurity, boards have discussed or implemented measures including mandatory training or certifications for information technology or security staff (56 per cent), security awareness training for all staff (70 per cent), and purchasing security solutions (50 per cent). Two-thirds (66 per cent) of respondents said theirโ€ฏboard hasโ€ฏputโ€ฏmore focus onโ€ฏcybersecurityโ€ฏthis year.ย 
  • Breaches consume precious time and money. The overwhelming majority (92 per cent) of respondents experienced one or more breaches in the last 12 months. More than half (57 per cent) said it took longer than a month to recover from a cyberattack, while 53 per cent of respondents suffered breaches that cost more than US$1 million to remediate, which was up from 40 per cent in 2022 and 36 per cent in 2021.ย 
  • Cybersecurity depends on three key factors. Respondents said the top three causes of breaches were information technology or security staff lack the necessary skills and training (61 per cent), a lack of organisational or employee security awareness (63 per cent), and a lack of cybersecurity products (59 per cent). More than two-thirds (70 per cent) agreed that the cybersecurity skills shortage creates additional risks for their organisation, while 46 per cent agreed that the greatest challenge is finding candidates with specific experience in cloud security.ย 
  • Candidates with certifications stand out. Almost all (96 per cent) respondents prefer to hire candidates with certifications, while 92 per cent would pay for an employee to obtain a cybersecurity certification. Over three quarters (78 per cent) of respondents agreed that itโ€™s difficult to find candidates with technology-focused certifications, which was up from 64 per cent in 2022 and 62 per cent in 2021.ย 
  • Organisations may be overlooking candidates from underrepresented backgrounds. More than four in five (86 per cent) companies in Australia and New Zealand have set diversity hiring goals for the next few years. More than half (54 per cent) require four-year degrees and 72 per cent only hire candidates with traditional training backgrounds. Despite ongoing targets, diversity hiring varies from year to year, with active hires of women up to 80 per cent from 66 per cent in 2022 and 2021; hires from minority groups are down slightly at 78 per cent from 80 per cent in 2022 and 86 per cent in 2021; and active hires of veterans are up to 70 per cent from 46 per cent in 2022 and 48 per cent in 2021.ย 

The cyber skills gap continues to impact companies worldwide

An estimated four million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, Fortinetโ€™s 2024 Global Cybersecurity Skills Gap Report found that 70 per cent of organisations indicated that the cybersecurity skills shortage creates additional risks for their organisations. Other findings that highlight the impact of the growing skills gap on companies across the globe include:ย 

  • Organisations are attributing more breaches to a lack of cyber skills. In the past year, nearly 90 per cent of organisational leaders (87 per cent) said they experienced a breach that they can partially attribute to a lack of cyber skills, up from 84 per cent in the 2023 report and 80 per cent the year prior.ย 
  • Breaches have a more substantial impact on businesses. Breaches have a variety of repercussions, ranging from financial to reputational challenges. This yearโ€™s survey reveals that corporate leaders are increasingly being held accountable for cyber incidents, with 51 per cent of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, more than 50 per cent of respondents indicated that breaches cost their organisations more than US$1 million in lost revenue, fines, and other expenses last yearโ€”up from 48 per cent in the 2023 report and 38 per cent from the previous year.ย 
  • Boards of directors view cybersecurity as a business imperative. As a result, executives and boards of directors increasingly prioritise cybersecurity, with 72 per cent of respondents saying their boards were more focused on security in 2023 than the previous year. And 97 per cent of respondents say their board sees cybersecurity as a business priority.ย 

Hiring managers value continued learning and certifications

Business leaders widely regard certifications as validation of cybersecurity knowledge, and those who hold a certification or work with someone who does notice clear benefits. This yearโ€™s survey also found that:ย 

  • Candidates with certifications stand out. More than 90 per cent of respondents said they prefer hiring candidates with certifications.ย 
  • Leaders believe that certifications improve security posture. Respondents place such high value on certifications that 89 per cent said they would pay for an employee to obtain a cybersecurity certification.ย 
  • Finding candidates who hold certifications isnโ€™t easy. More than 70 per cent of respondents indicated that it is difficult to find candidates with technology-focused certifications.ย 

Companies are expanding hiring criteria to fill open roles

As the cyber workforce shortage persists, some organisations diversify their recruitment pools to include candidates whose credentials fall outside traditional backgroundsโ€”such as a four-year degree in cybersecurity or a related fieldโ€”to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organisations are also willing to pay for certifications and training. The report also found that:ย 

  • Organisations continue to have programs dedicated to recruiting from a diversified talent pool. Eighty-three percent of respondents said their organisations have set diversity hiring goals for the next few years โ€”in line with last yearโ€™s report, but slightly down from 89 per cent in 2021.ย 
  • Diversity hiring varies from year to year. Despite ongoing recruitment targets, female hires are down to 85 per cent from 89 per cent in 2022 and 88 per cent in 2021; hires from minority groups remain unchanged at 68 per cent and up slightly from 67 per cent in 2021; and veteran hires are up slightly to 49 per cent from 47 per cent in 2022, but down from 53 per cent in 2021.ย 
  • While many hiring managers value certifications, some organisations still prefer candidates with traditional backgrounds. Despite many respondents saying they value certifications, 71 per cent of organisations still require four-year degrees, and 66 per cent hire only candidates with traditional training backgrounds.ย 

Organisations are taking a three-pronged approach to building cyber resiliency

The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defences across enterprises. As a result, organisations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:ย 

  • Help information technology (IT) and security teams obtain vital security skills by investing in training and certifications needed to achieve this goal.ย 
  • Cultivate a cyber-aware frontline staff who can contribute to a more secure organisation as a first line of defence.ย 
  • Use effective security solutions to ensure a strong security posture.ย 

To help organisations achieve these objectives, Fortinet offers the largest integrated portfolio of more than 50 enterprise-grade products through its Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industryโ€™s broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to all populations, including a Security Awareness Training offering for organisations to develop a cyber-aware workforce.ย ย 

About the Fortinet skills gap surveyย 

  • The survey was conducted among over 1,850 IT and cybersecurity decision-makers from 29 different countries and locations.ย 
  • Survey respondents come from a range of industries, including technology (21 per cent), manufacturing (15 per cent), and financial services (13 per cent).ย 

Additional resources

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinetโ€™s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with high-profile, well-respected organisations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinetโ€™s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinetโ€™s elite threat intelligence and research organisation, develops and utilises leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet blog, and FortiGuard Labs.ย 

Copyright ยฉ 2024 Fortinet, Inc. All rights reserved. The symbols ยฎ and โ„ข denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinetโ€™s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.ย 

Share This