The cybersecurity industry needs nearly four million professionals to fill vacant roles, and as adversaries advance their tactics, this figure is set to increase. Meanwhile, this skills shortage significantly impacts organizations worldwide, with 70% of IT leaders saying this widening gap creates additional risks for their business.

While many organizations are taking creative approaches to recruiting and hiring new cybersecurity talent, these efforts alone won’t immediately eliminate the growing skills gap. As an increasing number of organizations fall victim to cyber incidents—87% said they had one or more breaches in 2023—leaders must take steps to address the skills shortage, fill critical open positions, and augment their security posture.

Breaches are having a more significant—and more visible—impact

Leaders increasingly attribute more breaches to a lack of cyber skills within their organization. According to the Fortinet 2024 Global Cybersecurity Skills Gap Report,in the past year, nearly 90% of organizational leaders said they experienced a breach that they can partially attribute to a lack of cybersecurity knowledge, up from 84% in 2023 and 80% in 2022.

When cyber incidents happen, they have a more substantial impact on businesses, ranging from financial repercussions to reputational challenges. According to the report, corporate leaders are increasingly being held accountable for cyber incidents, with 51% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, more than 50% of respondents indicated that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year.

As a result, boards of directors are taking a greater interest in cybersecurity, viewing it as a business imperative. Executives and board members are increasingly prioritizing security, with 72% of IT leaders indicating their boards were more focused on cybersecurity in 2023 than the previous year. Mandatory organization-wide cybersecurity training, certification opportunities for IT personnel, and procurement of new or better security solutions are just a few of the improvements discussed or implemented by boards of directors.

An urgent imperative to strengthen cyber defenses

As cyberattacks increase in frequency and the ramifications become more severe and more apparent, many enterprises are reevaluating and refreshing their cybersecurity efforts to strengthen their defenses. While there are countless actions IT leaders can take to enhance their organization’s risk management program, we’re seeing institutions focus on a three-pronged approach to improving cybersecurity that combines training, awareness, and technology.

First, organizations are helping IT and security teams obtain vital security skills by investing in training and certification opportunities.Finding upskilling opportunities for existing employees benefits both the individual and the organization. And the good news is that leaders see the value in upskilling. For example, nearly 90% of IT leaders say they are willing to pay for an employee to earn a cybersecurity certification. Those who have a certification themselves or work with someone who holds a certification notice clear advantages, including increased cybersecurity skills and knowledge and the ability to perform job-related tasks better.

Organizations are also working to create a company-wide culture of cyber awareness. Cybersecurity is everyone’s responsibility, and employees are often on the front lines regarding cyberattacks. With proper knowledge of common cyber attacks, employees can serve as a solid first line of defense against adversaries. Developing an effective security awareness education effort requires leaders to establish a vision for the program, cover relevant topics like phishing and social engineering, and create a long-term strategy for engaging employees with fresh content and new opportunities to test their knowledge. The Fortinet Training Institute— which offers one of the industry’s broadest training and certification programs—is dedicated to making cybersecurity education and related career opportunities available to all and offers a security awareness training program for organizations to use to develop a cyber-aware workforce. 

Finally, businesses are reevaluating their respective technology stacks and adopting effective security solutions to strengthen their security posture. Almost 60% of IT leaders say their executives and board members have either discussed or moved forward with purchasing new security solutions. This is encouraging, as 54% of respondents note that a lack of cybersecurity products has contributed to past breaches within their organization. To help businesses enhance their security posture, Fortinet offers the largest integrated portfolio of more than 50 enterprise-grade products through its Fortinet Security Fabric platform.

Addressing the skills gap must be a team effort

While organizations can take many steps to compensate for the skills gap, addressing the challenge and bringing new talent to the cybersecurity field must be a collaborative effort. From public-private partnerships designed to upskill and reskill learners in cybersecurity to free or low-cost training and certification programs, there are numerous resources available that the industry must take advantage of to make meaningful improvements in filling critical cybersecurity roles. By working together and finding new, unique ways to attract, hire, and retain talent, we can collectively make progress in both better protecting our organizations and effectively disrupting global cybercrime.