Fortinet report highlights global cybersecurity skills shortage
Fortinet has unveiled its 2024 Global Cybersecurity Skills Gap Report, highlighting the persistent challenges associated with the shortage of cybersecurity skills affecting organisations worldwide. The report reveals that nearly 90 per cent of organisations have experienced a breach within the past year which they can partially attribute to the cyber skills gap, with 70 per cent attributing increased cyber risks to this shortfall.
John Maddison, chief marketing officer at Fortinet, discussed the findings, stating, "The results from our latest Global Cybersecurity Skills Gap Report highlight the critical need for a collaborative, multi-faceted approach to closing the skills gap. To effectively mitigate risk and combat today's complex threats, organisations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce."
The report notes that the repercussions of cyber breaches remain significant, with executive leaders often facing penalties when incidents occur. In Australia and New Zealand, almost two-thirds (64 per cent) of respondents reported their executive leaders faced fines, jail time, or loss of employment following a cyberattack. Additionally, corporate boards have placed increased focus on cybersecurity, with measures such as mandatory training or certifications for IT staff (56 per cent), security awareness training for all staff (70 per cent), and investing in security solutions (50 per cent).
The impact of breaches on organisations' resources is evident, with 92 per cent of respondents experiencing one or more breaches in the past 12 months. More than half (57 per cent) reported that recovery from a cyberattack took over a month, while 53 per cent experienced breaches costing over USD $1 million to remediate. These figures have risen from previous years, highlighting the escalating financial toll of cyber insecurity.
The report identifies the top three causes of breaches: lack of necessary skills and training among IT or security staff (61 per cent), lack of organisational or employee security awareness (63 per cent), and insufficient cybersecurity products (59 per cent). Furthermore, 70 per cent of respondents agreed that the cybersecurity skills shortage introduces additional risks to their organisation. The search for candidates with cloud security experience was pinpointed as a particular challenge, with 46 per cent identifying it as the greatest difficulty.
Hiring managers continue to value certifications highly, with 96 per cent expressing a preference for candidates with such credentials, and 92 per cent willing to fund cybersecurity certifications for employees. However, 78 per cent noted difficulty in finding candidates with technology-focused certifications, an increase from previous years.
Organisations in Australia and New Zealand are also setting diversity hiring goals, with 86 per cent aiming to recruit from diversified talent pools over the next few years. Despite this, many still adhere to traditional hiring criteria, which could inadvertently exclude potential candidates from underrepresented backgrounds. The report shows fluctuations in active hires across different demographics: female hires increased to 80 per cent, while hires from minority groups and veterans displayed mixed results.
Fortinet's approach to bolstering cyber resilience involves a three-pronged strategy: training and certifying IT and security teams, cultivating a cyber-aware workforce, and deploying effective security solutions. As part of its "Fortinet Training Institute," the company is committed to training one million people by 2026, having already trained close to half a million individuals.
The survey underpinning the report gathered responses from over 1,850 IT and cybersecurity decision-makers across 29 countries, spanning various industries such as technology, manufacturing, and financial services. The comprehensive findings underscore the need for a strategic and diverse approach to bridging the cybersecurity skills gap globally.