Fortinet Report Reveals Cybersecurity Hiring Stalls as Nearly Half of IT Leaders Face Corporate Pushback

Cybersecurity skills gap challenges persist in a high-stakes landscape where cybercriminals weaponise AI and IT professionals lack proficiency to use AI defensively

Cyber Resilience | Reports & Predictions | Work & Careers

Posted: Wednesday, Apr 29

KBI.Media
$
Fortinet Report Reveals Cybersecurity Hiring Stalls as Nearly Half of IT Leaders Face Corporate Pushback

Fortinet Report Reveals Cybersecurity Hiring Stalls as Nearly Half of IT Leaders Face Corporate Pushback

SYDNEY AUSTRALIA, April 29, 2026: Fortinet^®, the global cybersecurity leader driving the convergence of networking and security, released the 2026 Global Cybersecurity Skills Gap Report, revealing the emerging and persistent challenges organisations face as they grapple with ongoing cybersecurity skill shortages and the ever-evolving threat landscape. The global survey’s key findings include:

The lack of cybersecurity skills stemming in part from insufficient investment in cybersecurity talent remains a top cause of devastating security breaches.
Although cyber defenders are effectively leveraging AI-powered tools, upskilling and reskilling remain necessary to fully reap the benefits from these advanced technologies.
Despite gaps in investment, organisations are making intentional efforts to attract and retain top-tier cybersecurity talent.

Carl Windsor, CISO, Fortinet, said, “Cybersecurity is not simply a technical issue but a strategic business risk. This year’s survey suggests that while boards generally recognise the importance of cybersecurity, more investment is needed to address key issues, such as emerging AI risks and the ongoing cybersecurity skills shortage. Addressing these issues is critical to business resilience in an increasingly complex threat landscape.”

Cornelius Mare, Chief Information Security Officer, Australia, Fortinet, said, “Organisations across Australia and New Zealand continue to face a persistent cybersecurity skills gap, and this is now being compounded by the rapid adoption of AI.”
“While many organisations are starting to use AI-powered security tools, there is still a clear gap in the skills needed to use these technologies effectively and securely. At the same time, attackers are moving quickly, which puts additional pressure on already stretched security teams.”

“For local organisations, this highlights the need to invest in both people and technology. Building internal capability, alongside adopting AI-enabled security operations, will be critical to improving resilience and reducing risk in an increasingly complex threat landscape.”

Amid high stakes, cybersecurity must be prioritised

A lack of cybersecurity skills remains a top cause of devastating security breaches in enterprises. The global survey revealed:

The stakes are high: 86 per cent of organisations report one or more breaches in the past 12 months. 52 per cent say breaches cost them more than $1 million USD, up from 38 per cent in 2021. Breaches cost most in North America, with the average breach costing $2 million USD.
Lack of cybersecurity skills remains a top concern: For the third consecutive year, IT leaders cited lack of cybersecurity skills as a top cause of security breaches (56 per cent). 51 per cent say that they need senior-level cybersecurity skills most of all, yet 49 per cent struggle to get approval for additional cybersecurity talent. This is surprising as 50 per cent say executives and even Board members have faced penalties after a cyberattack, underscoring the risk.

Employees’ use of AI creates new cybersecurity challenges that boards fail to understand. The report showed:

AI deployment in the enterprise creates risk: Employee use of AI poses a risk that organisations don’t fully understand. Only half (50 per cent) of leaders believe their Board members are “fully aware” of potential risks from AI use.
A new skills gap may emerge: As AI adoption continues, 63 per cent expect more need for AI oversight and governance roles on cybersecurity teams over the next three years.

Despite the gaps in investment, spending on certifications is up year-over-year (YoY). Findings from the report show the following:

Willingness to pay for certifications is up: 92 per cent revealed they would pay for an employee to get certified, up from 73 per cent of respondents in the 2025 report.
Dedicated initiatives to identify and nurture talent: To source talent from underrepresented groups, 92 per cent use internships, apprenticeships, partnerships, and programs. 71 per cent report formal hiring targets for underutilised talent pools.

AI for cybersecurity creates opportunities and challenges

AI-powered cybersecurity tool adoption is widespread as decision-makers see the technology’s potential to support cybersecurity teams with their operations. The survey findings revealed:

Broad adoption of AI-powered security tools: 91 per cent of respondents are using or experimenting with AI-powered cybersecurity solutions. 38 per cent report scepticism or uncertainty about AI for cybersecurity, down from 43 per cent in last year’s report.
AI supports today’s IT and security professionals: 84 per cent say AI-enhanced security tools are helping IT and security teams be more effective and efficient. At the same time, cyber defenders and cybercriminals now use the same technology; 44 per cent of respondents cited defending against AI cybersecurity attacks as a top concern.

AI is widening the cybersecurity skills gap. At the same time, organisations are making multiple efforts to overcome it. Survey respondents shared the following:

Investment in skills development: 60 per cent of respondents say their top recruiting challenge is finding cybersecurity talent with specific experience in AI. Today, 92 per cent are likely to invest in AI-related cybersecurity training or certifications in the next 12 months.
Implementing programs for reskilling: Organisations require staff with new skillsets to support AI adoption, including: AI model development (55 per cent), AI tool oversight (54 per cent), and security automation (52 per cent). 59 per cent of organisations are developing internal training or reskilling programs to support AI adoption, while 52 per cent are procuring training or reskilling from industry vendors.

Business resilience requires investment in closing the cybersecurity skills gap

Board and executive-level investment in a layered approach to cybersecurity, one that blends people, processes, and technology, is essential. Organisations should continue tapping into underutilised talent pools and investing in training and upskilling to build and retain the expertise they need. This requires a coordinated approach grounded in three key pillars: raising awareness and education, expanding access to targeted training and certification, and deploying advanced security technologies.

To help organisations address the challenges caused by the cyber skills gap, the award-winning Fortinet Training Institute provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone, and includes a Security Awareness Training service for organisations to develop a cyber-aware workforce.

As part of Fortinet’s commitment to addressing this growing challenge, Fortinet is on track to train 1 million people in cybersecurity around the world this year, a pledge that began in 2022.

About the Fortinet Global Cybersecurity Skills Gap Report

The survey was conducted among over 2,750 IT and/or cybersecurity decision-makers from 32 different countries and locations.
Survey respondents come from a range of industries; the top three business sectors include technology (22 per cent), manufacturing (16 per cent), and financial services (11 per cent).

Additional Resources

Download a copy of the 2026 Global Cybersecurity Skills Gap Report.
Learn about the Fortinet Training Institute programs, helping address the cyber skills gap through upskilling and reskilling, and free training.
Read more about the Fortinet Security Fabric.
Visit com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
Read about how Fortinet customers are securing their organizations.
Learn about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organisations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organisation, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Copyright © 2026 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.