Cybersecurity Skills Gap Contributed to 80 Percent of Breaches According to New Fortinet Report
Fortinet Releases New Research on Key Concerns around the Cybersecurity Talent Shortage, Recruitment, Diversity, and Security Awareness
Sandra Wheatley, SVP Marketing, Threat Intelligence and Influencer Communications at Fortinet
"According to the Fortinet report released today, the skills gap isn’t just a talent shortage challenge, but it’s also severely impacting business, making it a top concern for executive leaders worldwide. Through Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs, we are committed to tackling the challenges revealed in the report through various initiatives, including programs focused on cybersecurity certifications and recruiting more women into cyber. As part of this commitment, Fortinet has pledged to train 1 million professionals to increase cyber skills and awareness and make a dent in the skills gap by 2026.”
Fortinet®, a global leader in broad, integrated, and automated cybersecurity solutions, today released its 2022 Cybersecurity Skills Gap Report. The new global report reveals that the cybersecurity skills shortage continues to have multiple challenges and repercussions for organizations, including the occurrence of security breaches and subsequently loss of money. As a result, the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. The report also suggests ways the skills gap can be addressed, such as through training and certifications to increase employees’ education.
The Widespread Global Impact of the Cybersecurity Skills Shortage
According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.
Fortinet’s report demonstrates multiple risks resulting from the cybersecurity skills gap. Most notably, 8 in 10 organizations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness. The survey also showed that globally 64 percent of organizations experienced breaches that resulted in loss of revenue, recovery costs and/or fines.
Given the increasing costs of breaches on organizations’ profits and reputation, cybersecurity is becoming more of a board level priority. Globally, 88 percent of organizations that have a board of directors reported that their board asks questions specifically about cybersecurity. And 76 percent of organizations have a board of directors who has recommended increases in IT and cybersecurity headcount.
Advancing Cybersecurity Skills Through Training and Certifications
Fortinet’s skills gap report demonstrated that training and certifications are critical ways organizations seek to further tackle the skills gap. The report revealed that 95 percent of leaders believe technology-focused certifications positively impact their role and their team, while 81 percent of leaders prefer to hire people with certifications. Additionally, 91 percent of respondents shared they are willing to pay for an employee to achieve cyber certifications. One major reason for certifications being highly regarded is due to their validation of increased cybersecurity knowledge and awareness.
What impacts have certifications made?
In addition to valuing certifications, 87 percent of organizations have implemented a training program to increase cyber awareness. However, 52 percent of leaders believe their employees still lack necessary knowledge, which raises question around how effective their current security awareness programs are.
For organizations looking for security awareness training, Fortinet offers a Security Awareness and Training service through the award-winning Fortinet Training Institute. The service further protects organizations’ critical digital assets from cyber threats by building employee cybersecurity awareness. This service receives updates from Fortinet’s FortiGuard Labs threat intelligence so that employees are learning and keeping up with the latest evolving cyberattack methods to prevent company breaches and risks from being introduced.
Addressing Recruitment and Retention Challenges with Diversity Commitments
A significant challenge for organizations has been finding and retaining the right people to fill critical security roles ranging from cloud security specialists to SOC analysts. The report found that 60 percent of leaders admit their organization struggles with recruitment and 52 percent struggle to retain talent.
Among hiring challenges is the recruitment of women, new college graduates and minorities. Globally, 7 out of 10 leaders see the recruitment of women and new graduates as a top hiring hurdle and 61 percent said hiring minorities has been challenging. As organizations look to build more capable and more diverse teams, 89 percent of global companies have explicit diversity goals as part of their hiring strategy according to the report. The report also demonstrated 75 percent of organizations have formal structures to specifically recruit more women and 59 percent have strategies in place to hire minorities. Additionally, 51 percent of organizations have efforts in place to hire more veterans.
About the Fortinet Skills Gap Survey:
- The survey was conducted among more than 1200 IT and cybersecurity decision-makers from 29 different locations.
- Survey respondents came from a range of industries, including technology (28%), manufacturing (12%), and financial services (10%).
- Read our blog for more information about the 2022 Cybersecurity Skills Gap Report.
- Learn more about Fortinet’s free cybersecurity training initiative, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
- Watch how Fortinet makes possible a digital world you can always trust, and view how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital infrastructure.
- Read more about how Fortinet customers are securing their organizations.
- Learn more about FortiGuard Labs threat intelligence and research or Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks. Read more about Fortinet’s FortiGuard security services portfolio.
- Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on YouTube.
Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 565,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2022 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.
Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.