Fortinet Annual Skills Gap Report Reveals Growing Connection Between Cybersecurity Breaches and Skills Shortages

Rhea-AI Summary

Fortinet's 2024 Global Cybersecurity Skills Gap Report highlights a critical shortage in cybersecurity skills, with nearly 90% of organizations attributing breaches to this gap and 70% recognizing increased risks. The report reveals severe repercussions, including fines and job losses for leaders, with over 50% of breaches costing more than $1 million. Boards are prioritizing cybersecurity, with 97% viewing it as a business imperative. Certifications are highly valued, though 70% find it hard to find certified candidates. Organizations are expanding hiring criteria, focusing on training and diversified recruitment. Fortinet aims to train 1 million people by 2026 and has already trained nearly half a million. The company promotes a three-pronged approach combining training, awareness, and technology to enhance cyber resilience.

Positive

• Fortinet has trained nearly 500,000 individuals as part of its pledge to train 1 million by 2026.
• 97% of respondents state that their board views cybersecurity as a business priority.
• Over 50% of breaches have resulted in more than $1 million in losses, increasing awareness and action on cybersecurity.
• Organizations are diversifying hiring criteria, which may expand the talent pool and address the skills gap.

Negative

• Nearly 90% of organizations experienced a breach due to a lack of cyber skills.
• 70% of organizations recognize that the cybersecurity skills shortage introduces additional risks.
• 51% of respondents noted severe repercussions for leaders, such as fines or job loss following cyber incidents.
• More than 70% of respondents find it difficult to find candidates with technology-focused certifications.

Cybersecurity Analyst

The 2024 Global Cybersecurity Skills Gap Report emphasizes the increasing risk that the cyber skills gap poses to organizations worldwide. The statistic that 90% of organizations experienced a breach due to this shortage underlines the severity of the issue. The rising financial and reputational costs associated with breaches, with more than 50% of organizations losing over $1 million due to breaches, underscores the substantial financial implications. This factor alone can affect stock valuations as companies seek to mitigate these risks by investing heavily in cybersecurity measures.

The emphasis on certifications and training programs indicates a proactive approach. However, the difficulty in finding certified candidates (70% struggle) highlights a supply-demand imbalance in the marketplace. This could lead to increased costs for hiring and training, potentially affecting profit margins in the short term. Long term, companies with robust cybersecurity frameworks may see improved stability and lower risk premiums.

Market Research Analyst

The report's findings indicate a significant market opportunity for firms in the cybersecurity training and certification industry. With 89% of companies willing to pay for employee certifications and a pledge to train 1 million individuals by 2026, businesses like Fortinet are positioning themselves to capture market share. This strategic focus on upskilling addresses both immediate risks and long-term talent shortages, making it an appealing narrative for investors.

Moreover, the diversification in hiring practices noted in the report suggests that industries are moving towards inclusive growth models, potentially leading to a more dynamic and innovative workforce. This can enhance operational efficiency and foster a culture of continuous improvement, positively influencing company reputation and investor confidence.

Financial Analyst

From a financial perspective, the growing cybersecurity skills gap and the associated breach costs present both risks and opportunities. The fact that breaches cost organizations over $1 million in lost revenue and fines in 50% of cases could lead to increased spending on cybersecurity, impacting operating expenses. However, companies like Fortinet that offer comprehensive cybersecurity solutions and training programs stand to benefit. This dual approach of selling security products and certification programs can drive revenue growth.

Given the high valuation of certifications among hiring managers, firms in this space could see increased demand for their services. However, the difficulty in finding certified candidates (70% find it challenging) highlights a constrained labor market, potentially leading to higher recruitment costs. Ultimately, the report suggests that businesses heavily invested in cybersecurity could see long-term economic benefits despite short-term financial pressures.

Nearly 90% of organizations experienced a breach in the last year that they can partially attribute to a lack of cyber skills, and 70% attribute increased cyber risks to the skills gap

SUNNYVALE, Calif., June 26, 2024 (GLOBE NEWSWIRE) --

John Maddison, Chief Marketing Officer at Fortinet
“The results from our latest Global Cybersecurity Skills Gap Report highlight the critical need for a collaborative, multi-faceted approach to closing the skills gap. To effectively mitigate risk and combat today’s complex threats, organizations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce. As part of Fortinet’s dedication to closing the skills gap through this three-pronged approach, we pledged to train 1 million people in cyber by 2026. As we near the halfway mark of this five-year commitment, we are close to having trained half a million individuals to date.”

News Summary
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today released its 2024 Global Cybersecurity Skills Gap Report, which highlights ongoing challenges related to the cybersecurity skills shortage impacting organizations around the globe. Key findings from the report include:

• Organizations are increasingly attributing breaches to the cyber skills gap.
• Breaches continue to have significant repercussions for businesses, and executive leaders are often penalized when they happen.
• Certifications continue to be highly regarded by employers as a validator of current cybersecurity skills and knowledge.
• Numerous opportunities remain for hiring from diverse talent pools to help address the skills shortage.

The Cyber Skills Gap Continues to Impact Companies Worldwide
An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, Fortinet's 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates additional risks for their organizations. Other findings that highlight the impact of the growing skills gap on companies across the globe include:

• Organizations are attributing more breaches to a lack of cyber skills. In the past year, nearly 90% of organizational leaders (87%) said they experienced a breach that they can partially attribute to a lack of cyber skills, up from 84% in the 2023 report and 80% the year prior.
• Breaches have a more substantial impact on businesses. Breaches have a variety of repercussions, ranging from financial to reputational challenges. This year’s survey reveals that corporate leaders are increasingly held accountable for cyber incidents, with 51% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, more than 50% of respondents indicate that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 48% in the 2023 report and 38% from the previous year.
• Boards of directors view cybersecurity as a business imperative. As a result, executives and boards of directors increasingly prioritize cybersecurity, with 72% of respondents saying their boards were more focused on security in 2023 than the previous year. And 97% of respondents say their board sees cybersecurity as a business priority.
  

Hiring Managers Value Continued Learning and Certifications
Business leaders widely regard certifications as validation of cybersecurity knowledge, and those who hold a certification or work with someone who does notice clear benefits. This year’s survey also found that:

• Candidates with certifications stand out. More than 90% of respondents said they prefer hiring candidates with certifications.
• Leaders believe that certifications improve security posture. Respondents place such high value on certifications that 89% said they would pay for an employee to obtain a cybersecurity certification.
• Finding candidates who hold certifications isn’t easy. More than 70% of respondents indicated that it is difficult to find candidates with technology-focused certifications.
  

Companies Are Expanding Hiring Criteria to Fill Open Roles
As the cyber workforce shortage persists, some organizations diversify their recruitment pools to include candidates whose credentials fall outside traditional backgrounds—such as a four-year degree in cybersecurity or a related field—to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are willing to pay for certifications and training. The report also found that:

• Organizations continue to have programs dedicated to recruiting from a diversified talent pool. Eighty-three percent of respondents said their organizations have set diversity hiring goals for the next few years, in line with last year’s report but slightly down from 89% in 2021.
• Diversity hiring varies from year to year. Despite ongoing recruitment targets, female hires are down to 85% from 89% in 2022 and 88% in 2021; hires from minority groups remain unchanged at 68% and up slightly from 67% in 2021; and veteran hires are up slightly to 49% from 47% in 2022, but down from 53% in 2021.
• While many hiring managers value certifications, some organizations still prefer candidates with traditional backgrounds. Despite many respondents saying they value certifications, 71% of organizations still require four-year degrees, and 66% hire only candidates with traditional training backgrounds.
  

Organizations Are Taking a Three-Pronged Approach to Building Cyber Resiliency
The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises. As a result, organizations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:

• Help IT and security teams obtain vital security skills by investing in training and certifications to achieve this goal.
• Cultivate a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.
• Use effective security solutions to ensure a strong security posture.
  

To help organizations achieve these objectives, Fortinet offers the largest integrated portfolio of more than 50 enterprise-grade products through its Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industry's broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to all populations, including a Security Awareness Training offering for organizations to develop a cyber-aware workforce.

About the Fortinet Skills Gap Survey

• The survey was conducted among over 1,850 IT and cybersecurity decision-makers from 29 countries and locations.
• Survey respondents come from a range of industries, including technology (21%), manufacturing (15%), and financial services (13%).

Additional Resources

• Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
• Visit fortinet.com/trust to learn more about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products that contribute to delivering proven cybersecurity everywhere you need it.
• Learn more about Fortinet's commitment to product security and integrity, including its responsible product development, vulnerability disclosure approach, and policies.
• Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
• Learn more about Fortinet’s FortiGuard Security Services portfolio.
• Read about how Fortinet customers are securing their organizations.
• Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
  

About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today, we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Copyright © 2024 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Media Contact:	Investor Contact:	Analyst Contact:
Stephanie Lira Fortinet, Inc. 408-235-7700 pr@fortinet.com	Peter Salkowski Fortinet, Inc. 408-331-4595 psalkowski@fortinet.com	Brian Greenberg Fortinet, Inc. 408-235-7700 analystrelations@fortinet.com

FAQ

What percentage of organizations attribute breaches to a cybersecurity skills gap according to Fortinet's 2024 report?

Nearly 90% of organizations attributed breaches to a cybersecurity skills gap.

How much financial loss did breaches cost organizations according to Fortinet's 2024 report?

Over 50% of breaches cost organizations more than $1 million in lost revenue, fines, and other expenses.

What is Fortinet's commitment to training cybersecurity professionals by 2026?

Fortinet has pledged to train 1 million people in cybersecurity by 2026.

How do boards of directors view cybersecurity according to the 2024 report by Fortinet?

97% of respondents noted that their boards view cybersecurity as a business priority.

What percentage of respondents find it challenging to hire certified candidates in Fortinet's 2024 report?

More than 70% of respondents indicated difficulty in finding candidates with technology-focused certifications.