Fortinet annual skills gap report: increase in breaches due to lack of cybersecurity skills

Fortinet has released its 2023 Global Cybersecurity Skills Gap Report, which reveals ongoing challenges related to the cybersecurity skills shortage affecting organisations worldwide. Key findings from the global report include:

• The cybersecurity skills shortage has contributed to critical IT positions not being filled, which increases organisations’ cyber risks, such as breaches.

• Cybersecurity remains a priority for boards of directors and there is executive demand for increased IT security headcount.

• Technology-focused certifications are highly regarded by employers, serving as validation of skill sets.

• Organisations recognise the advantage of recruiting and retaining diverse talent to help address the skills shortage, but doing so has presented a challenge.

“The cybersecurity talent shortage is one of the top challenges putting organisations at risk, as clearly demonstrated by the results of the latest Global Cybersecurity Skills Gap Report,” said John Maddison, executive vice president of products and chief marketing officer at Fortinet. “In today’s climate, organisations must choose products that introduce automation to offload overworked teams while continuing to focus on upskilling and cybersecurity training.”

An estimated 3.4 million professionals are needed to fill the global cybersecurity workforce gap. At the same time, the 2023 Global Cybersecurity Skills Gap Report found that the number of organisations experiencing five or more breaches jumped by 53 percent from 2021 to 2022.

One repercussion of this is that many short-staffed cybersecurity teams are burdened and strained as they try to keep up with thousands of daily threat alerts and attempt to manage disparate solutions to properly protect their organisation’s devices and data.

Additionally, as a result of unfilled IT positions due to the cyber skills shortage, the report also found that 68 percent of organisations indicate they face additional cyber risks. Other findings highlighting increased cyber risks that could be partially attributed to the talent shortage include:

• Security intrusions are increasing. One resulting cyber risk is increased breaches, with 84 percent of organisations experiencing one or more cybersecurity intrusions in the past 12 months, up from 80 percent from last year.

• More organisations were impacted financially due to breaches. Nearly 50 percent of organisations suffered breaches in the past 12 months that cost more than US$1 million to remediate, which is up from 38 percent of organisations compared to last year’s report.

• Cyberattacks will continue to increase. At the same time, 65 percent of organisations expect the number of cyberattacks to increase over the next 12 months, further compounding the need to fill crucial cyber positions to help strengthen organisations’ security postures.

• The skills gap is a top concern for boards of directors. The report demonstrated that more than 90 percent of boards (93 percent) are asking how the organisation is protecting against cyberattacks. At the same time, 83 percent of boards are advocating for hiring more IT security staff, emphasising the demand for security talent.

The report also suggested that employers recognise how training and certifications can benefit their organisation in addressing the skills gap, while also serving as an advantage for anyone looking to advance in their current security profession, as well as for individuals considering transitioning into the field. Additional highlights from the report around training include:

• Certifications are sought after by employers. Beyond experience, employers view certifications and training as reliable validation of an individual’s skill set with 90 percent of business leaders preferring to hire individuals with technology-focused certifications, up from 81 percent the year before. Additionally, 90 percent of respondents would pay for an employee to get a cybersecurity certification.

• Certifications benefit both organisations and individuals. More than 80 percent of report respondents (82 percent) indicated their organisation would benefit from cybersecurity certifications and 95 percent of business leaders have experienced positive results from either their team or themselves being certified.

• Not enough professionals are certified. While certifications are highly regarded, more than 70 percent of respondents said it is difficult to find people with certifications.

Increasing opportunities for women, veterans and others can help solve the skills gap

While the report demonstrated that organisations are seeking ways to tap into new talent pools to fill cybersecurity roles, with eight out of ten organisations having diversity goals as part of their hiring practices, roughly 40 percent of organisations indicate they have difficulty finding qualified candidates who are women, military veterans, or from minority backgrounds.

The report suggested that there was a decrease in veterans being hired compared to last year, with the number of organisations indicating they hired military veterans dropping from 53 percent in 2021 to 47 percent in 2022.

At the same time, the report shows there was only a one per cent increase year-over-year in organisations hiring women (88 percent in 2021 and 89 percent in 2022) and minorities (67 percent in 2021 and 68 percent in 2022).

The Fortinet skills gap survey was conducted among more than 1,800 IT and/or cybersecurity decision-makers from 29 different locations. Survey respondents came from a range of industries, including technology (21 percent), manufacturing (16 percent), and financial services (13 percent).