Fortinet Annual Skills Gap Report Uncovers an Increase in Breaches Attributed to a Lack of Cybersecurity Skills
John Maddison, EVP of Products and CMO at Fortinet
“The cybersecurity talent shortage is one of the top challenges putting organizations at risk, as clearly demonstrated by the results of the latest Global Cybersecurity Skills Gap Report from Fortinet. In today’s climate, organizations must choose products that introduce automation to offload overworked teams while continuing to focus on upskilling and cybersecurity training.”
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today released its 2023 Global Cybersecurity Skills Gap Report, which reveals ongoing challenges related to the cybersecurity skills shortage affecting organizations worldwide. Key findings from the global report include:
- The cybersecurity skills shortage has contributed to critical IT positions not being filled, which increases organizations’ cyber risks, such as breaches.
- Cybersecurity remains a priority for boards of directors and there is executive demand for increased IT security headcount.
- Technology-focused certifications are highly regarded by employers, serving as validation of skill sets.
- Organizations recognize the advantage of recruiting and retaining diverse talent to help address the skills shortage, but doing so has presented a challenge.
The Costly Reality of the Increasing Cybersecurity Skills Gap
An estimated 3.4 million professionals are needed to fill the global cybersecurity workforce gap. At the same time, the 2023 Global Cybersecurity Skills Gap Report found that the number of organizations experiencing five or more breaches jumped by 53% from 2021 to 2022. One repercussion of this is that many short-staffed cybersecurity teams are burdened and strained as they try to keep up with thousands of daily threat alerts and attempt to manage disparate solutions to properly protect their organization’s devices and data.
Additionally, as a result of unfilled IT positions due to the cyber skills shortage, the report also found that 68% of organizations indicate they face additional cyber risks. Other findings highlighting increased cyber risks that could be partially attributed to the talent shortage include:
- Security intrusions are increasing: One resulting cyber risk is increased breaches, with 84% of organizations experiencing one or more cybersecurity intrusions in the past 12 months, up from 80% from last year.
- More organizations were impacted financially due to breaches: Nearly 50% of organizations suffered breaches in the past 12 months that cost more than $1 million to remediate, which is up from 38% of organizations compared to last year’s report.
- Cyberattacks will continue to increase: At the same time, 65% of organizations expect the number of cyberattacks to increase over the next 12 months, further compounding the need to fill crucial cyber positions to help strengthen organizations’ security postures.
- The skills gap is a top concern for boards of directors: The report demonstrated that more than 90% of boards (93%) are asking how the organization is protecting against cyberattacks. At the same time, 83% of boards are advocating for hiring more IT security staff, emphasizing the demand for security talent.
Upskilling Security Professionals and Developing More Talent with Training
The report also suggested that employers recognize how training and certifications can benefit their organization in addressing the skills gap, while also serving as an advantage for anyone looking to advance in their current security profession, as well as for individuals considering transitioning into the field. Below are additional highlights from the report around training:
- Certifications are sought after by employers: Beyond experience, employers view certifications and training as reliable validation of an individual’s skill set with 90% of business leaders preferring to hire individuals with technology-focused certifications, up from 81% the year before. Additionally, 90% of respondents would pay for an employee to get a cybersecurity certification.
- Certifications benefit both organizations and individuals. More than 80% of report respondents (82%) indicated their organization would benefit from cybersecurity certifications and 95% of business leaders have experienced positive results from either their team or themselves being certified.
- Not enough professionals are certified: While certifications are highly regarded, more than 70% of respondents said it is difficult to find people with certifications.
Increasing Opportunities for Women, Veterans and Other Populations Can Help Solve the Skills Gap
While the report demonstrated that organizations are seeking ways to tap into new talent pools to fill cybersecurity roles, with 8 out of 10 organizations having diversity goals as part of their hiring practices, roughly 40% of organizations indicate they have difficulty finding qualified candidates who are women, military veterans, or from minority backgrounds.
- The report suggested that there was a decrease in veterans being hired compared to last year, with the number of organizations indicating they hired military veterans dropping from 53% in 2021 to 47% in 2022.
- At the same time, the report shows there was only a 1% increase year-over-year in organizations hiring women (88% in 2021 and 89% in 2022) and minorities (67% in 2021 and 68% in 2022).
Fortinet’s Commitment to Closing the Skills Gap
To help alleviate the challenges resulting from the skills shortage, Fortinet is committed to helping organizations improve the management of cyber risks with ML-driven automation and services, as well as increased access to cyber training. As part of these efforts, Fortinet has pledged to train 1 million people in cybersecurity by 2026 to help increase access for security professionals and untapped talent pools looking to upskill and reskill.
About the Fortinet Skills Gap Survey:
- The survey was conducted among more than 1,800 IT and/or cybersecurity decision-makers from 29 different locations.
- Survey respondents came from a range of industries, including technology (21%), manufacturing (16%), and financial services (13%).
- To learn more about the 2023 Global Skills Gap Report and how the Fortinet Training Institute is addressing the key challenges uncovered in the report, read this blog.
- Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
- Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn more about Fortinet’s FortiGuard security services portfolio.
- Read about how Fortinet customers are securing their organizations.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
Copyright © 2023 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.