Security vendor Fortinet has released the latest 2024 Cybersecurity Skills Gap report, prepared by the Fortinet Training Institute.

The report shows data and conclusions about skills and hiring cybersecurity professionals, as well as executive accountability, breaches, and the causes of breaches. The research contains responses from 1,850 decision-makers in technology, manufacturing, and financial services spread out fairly evenly across the globe.

Training is the highest priority

Overall, the survey shows that training for IT professionals and for end users is the highest priority. Further, it shows that there needs to be more education – the skills gap is huge and makes it difficult for enterprises, governments, and institutions to hire the skilled people they need. All accentuated by a worsening threat and consequences environment.

Of particular interest were the responses regarding the question of corporate leaders being held accountable after an attack or breach. 51% respondents indicated that leaders faced consequences including fines, loss of employment, loss of position, or even jail time.

Fortinet survey – security breach shock

The Fortinet survey showed that an astounding 87% of surveyed enterprises experienced one or more security breaches in 2023. Further the survey indicates that those numbers have been rising over the last three years, as have the financial costs of breaches. Organisations that report breaches but with no financial cost have been shrinking as well. 

Unsurprisingly, corporate boards are showing increased interest in cybersecurity. Rising risks to the business, more costly breaches, and rising personal penalty occurrences are all factors. The survey concludes that boards consider cybersecurity a business priority nearly unanimously. However, it indicates that only a little bit over half of those same boards are discussing hiring or have hired more IT/security professionals.  

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Why people are the problem

Survey results show that a lack of IT staff training and business staff training is considered the most likely causes of a breach, closely followed by a lack of cybersecurity products.

The survey indicates that the preferred solution to increasing cybersecurity risks is certifications for IT staff and security awareness training for all staff. Even experienced IT professionals make mistakes or cut corners in pressure situations. For business staff, cybersecurity isn’t the first thing on their minds when they begin a day’s work. They have their own tasks and priorities, and problems to solve. Training, refreshers, and reminders about good cybersecurity habits are a must.

Further, the survey indicates that it is increasingly difficult to find certified security staff by 70% of respondents,  and believe that difficulty increases cybersecurity risks. Enterprises are willing to change hiring standards and invest in training and certifications to fill the skills gap in new cybersecurity hires.

Lessons from Fortinet

The Fortinet survey provides good information, and IT professionals should use it to help inform and educate their own chain of command. There is a pervasive reflex in business to ‘right-size’ investments in people, training, and solutions, particularly those who are not paying particular attention to current cybersecurity conditions.

In the realm of cybersecurity, that approach needs to be set aside. Cybersecurity threats are increasing. Enterprises need better training, more skills and skilled personnel, and modern cybersecurity solutions with modern architectures.