Growing connection between cybersecurity breaches and skills shortages

Nearly 90% of organizations experienced a breach in the last year that they can partially attribute to a lack of cyber skills, and 70% attribute increased cyber risks to the skills gap.

  • Wednesday, 26th June 2024 Posted 3 weeks ago in by Phil Alsop

Fortinet has released its 2024 Global Cybersecurity Skills Gap Report, which highlights ongoing challenges related to the cybersecurity skills shortage impacting organizations around the globe. Key findings from the report include:

Organizations are increasingly attributing breaches to the cyber skills gap.

Breaches continue to have significant repercussions for businesses, and executive leaders are often penalized when they happen.

Certifications continue to be highly regarded by employers as a validator of current cybersecurity skills and knowledge.

Numerous opportunities remain for hiring from diverse talent pools to help address the skills shortage.

The Cyber Skills Gap Continues to Impact Companies Worldwide

An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, Fortinet's 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates additional risks for their organizations. Other findings that highlight the impact of the growing skills gap on companies across the globe include:

Organizations are attributing more breaches to a lack of cyber skills. In the past year, nearly 90% of organizational leaders (87%) said they experienced a breach that they can partially attribute to a lack of cyber skills, up from 84% in the 2023 report and 80% the year prior.

Breaches have a more substantial impact on businesses. Breaches have a variety of repercussions, ranging from financial to reputational challenges. This year’s survey reveals that corporate leaders are increasingly held accountable for cyber incidents, with 51% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, more than 50% of respondents indicate that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 48% in the 2023 report and 38% from the previous year.

Boards of directors view cybersecurity as a business imperative. As a result, executives and boards of directors increasingly prioritize cybersecurity, with 72% of respondents saying their boards were more focused on security in 2023 than the previous year. And 97% of respondents say their board sees cybersecurity as a business priority.

Hiring Managers Value Continued Learning and Certifications

Business leaders widely regard certifications as validation of cybersecurity knowledge, and those who hold a certification or work with someone who does notice clear benefits. This year’s survey also found that:

Candidates with certifications stand out. More than 90% of respondents said they prefer hiring candidates with certifications.

Leaders believe that certifications improve security posture. Respondents place such high value on certifications that 89% said they would pay for an employee to obtain a cybersecurity certification.

Finding candidates who hold certifications isn’t easy. More than 70% of respondents indicated that it is difficult to find candidates with technology-focused certifications.

Companies Are Expanding Hiring Criteria to Fill Open Roles

As the cyber workforce shortage persists, some organizations diversify their recruitment pools to include candidates whose credentials fall outside traditional backgrounds—such as a four-year degree in cybersecurity or a related field—to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are willing to pay for certifications and training. The report also found that:

Organizations continue to have programs dedicated to recruiting from a diversified talent pool. Eighty-three percent of respondents said their organizations have set diversity hiring goals for the next few years, in line with last year’s report but slightly down from 89% in 2021.

Diversity hiring varies from year to year. Despite ongoing recruitment targets, female hires are down to 85% from 89% in 2022 and 88% in 2021; hires from minority groups remain unchanged at 68% and up slightly from 67% in 2021; and veteran hires are up slightly to 49% from 47% in 2022, but down from 53% in 2021.

While many hiring managers value certifications, some organizations still prefer candidates with traditional backgrounds. Despite many respondents saying they value certifications, 71% of organizations still require four-year degrees, and 66% hire only candidates with traditional training backgrounds.

Organizations Are Taking a Three-Pronged Approach to Building Cyber Resiliency

The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises. As a result, organizations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:

Help IT and security teams obtain vital security skills by investing in training and certifications to achieve this goal.

Cultivate a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.

Use effective security solutions to ensure a strong security posture.

To help organizations achieve these objectives, Fortinet offers the largest integrated portfolio of more than 50 enterprise-grade products through its Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industry's broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to all populations, including a Security Awareness Training offering for organizations to develop a cyber-aware workforce.

Critical cybersecurity gaps

Posted 14 hours ago by Phil Alsop
49% of survey respondents said their organisations struggle to operationalise and get value from their threat intelligence due to team, tech, and...

Digital decarbonisation - call for action

Posted 1 day ago by Phil Alsop
Leading digital infrastructure companies call for industry adoption of Environmental Product Declarations (EPDs) to accelerate net-zero ambitions.

Rushed to the cloud?

Posted 1 day ago by Phil Alsop
Potential flaws and failings in long-term public cloud strategies place unrealistic demands on those implementing and managing migration projects.

AI or bust?

Posted 1 day ago by Phil Alsop
UK businesses could fall behind if they don’t invest in AI. But the speed of AI development is leaving IT teams scrambling to plug security gaps,...
According to the new AI Networks for AI Workloads report by Dell’Oro Group, spending on switches deployed in AI back-end networks used to connect...

Crucial need for hybrid storage strategies

Posted 1 day ago by Phil Alsop
Nasuni has unveiled the findings of its new industry research 2024 report entitled, “The Era of Hybrid Cloud Storage.” The research includes...
75% of US and UK firms fail to respond to critical vulnerabilities within 24 hours.

Security pros admit to using shadow SaaS

Posted 5 days ago by Phil Alsop
Research reveals one in ten security professionals admit to having suffered a data breach as a result of Shadow SaaS, but still regularly use...