Are Increasing Breaches Due to the Cyber Skills Gap?
An estimated 3.4 million professionals are needed to fill the global cybersecurity workforce gap.
Topics
News
- Customer Centricity Summit & Awards Explores Brand-Customer Relationships in KSA
- GITEX Global 2024 to Showcase Global Innovation, Investment, and Cybersecurity Trends
- The Perfectly Imperfect Start of Disruptive Innovations
- GovTech Conclave to Explore Cutting-Edge Solutions for Modern Governance
- New Report Shows Cautious Optimism Among Enterprises Adopting AI
- Majority of CISOs Feel Their Organizations are Unprepared for Cybersecurity Regulations
There are ongoing challenges related to the cybersecurity skills shortage impacting organizations worldwide. According to Fortinet’s 2024 Global Cybersecurity Skills Gap Report, cyber risks are escalating due to the ongoing talent shortage, while the number of organizations experiencing five or more breaches jumped by 53%.
The result is that short-staffed cybersecurity teams are burdened with thousands of daily threat alerts and managing disparate solutions to adequately protect their organization’s devices and data.
The study also included large organizations from the UAE.
“Close to 58% of IT decision-makers cited the lack of training and upskilling opportunities as their biggest challenge. This underscores the urgent need for enhanced cybersecurity training and certification programs, as 94% of our respondents said they were ready to pay to get their employees cybersecurity certified,” says Alain Penel, VP – Middle East, Turkey and CIS, at Fortinet.
About 65% of organizations expect cyberattacks to increase over the next 12 months, compounding the need to fill crucial cyber positions to help strengthen organizations’ security postures.
An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. Additionally, due to unfilled IT positions due to the cyber skills shortage, the report found that 68% of organizations indicate they face additional cyber risks.
Other findings from the report:
- Organizations are attributing more breaches to a lack of cyber skills. In the past year, nearly 90% of organizational leaders (87%) said they experienced a breach that they can partially attribute to a lack of cyber skills, up from 84% in the 2023 report and 80% the year prior.
- Breaches have a more substantial impact on businesses. Breaches have a variety of repercussions, ranging from financial to reputational challenges. This year’s survey reveals that corporate leaders are increasingly held accountable for cyber incidents, with 51% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, more than 50% of respondents indicate that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 48% in the 2023 report and 38% from the previous year.
- Boards of directors view cybersecurity as a business imperative. As a result, executives and boards of directors increasingly prioritize cybersecurity, with 72% of respondents saying their boards focused more on security in 2023 than the previous year. And 97% of respondents say their board sees cybersecurity as a business priority.
As the cyber workforce shortage persists, some organizations diversify their recruitment pools to include candidates whose credentials fall outside traditional backgrounds—such as a four-year degree in cybersecurity or a related field—to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are willing to pay for certifications and training.
The report also found that organizations continue to have programs dedicated to recruiting from a diversified talent pool. About 83% of respondents said their organizations have set diversity hiring goals for the next few years. Despite ongoing recruitment targets, female hires are down to 85% from 89% in 2022 and 88% in 2021.
While many hiring managers value certifications, some organizations still prefer candidates with traditional backgrounds. Despite many respondents saying they value certifications, 71% of organizations still require four-year degrees, and 66% hire only candidates with traditional training backgrounds.
The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises.
As a result, organizations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:
- Help IT and security teams obtain vital security skills by investing in training and certifications to achieve this goal.
- Cultivate a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.
- Use effective security solutions to ensure a strong security posture.