Cyber skills gap leads to escalating security risks

A shortage of skilled cyber professionals is leading to critical security roles being unfilled at a time when they are needed most, according to a new skills gap report from Fortinet.

Organizations are turning increasingly to AI to strengthen their cybersecurity postures and fill gaps, but they also acknowledge that AI may be used against them as an engine of new or improved cyberattacks, especially given the lack of AI skillsets across teams.

“This year’s survey further underscores the urgent need to invest in cybersecurity talent,” said Carl Windsor, CISO at Fortinet. “Without closing the skills gap, organizations will continue to face rising breach rates and escalating costs. The findings highlight an inflection point for both public and private sectors: Without bold action to build and retain cybersecurity expertise, the risks and costs will only continue to grow for our society.”

The report finds that 86 percent of organizations experienced at least one cyber breach in 2024, with nearly one-third (28 percent) reporting five or more. These figures mark a significant increase from 2021, when Fortinet first produced a skills gap report was released, then 80 percent of organizations reported breaches and only 19 percent faced five or more.

More than half of those surveyed (54 percent) cite a lack of IT security skills and training as one of the leading causes of breaches in their organizations.

A majority (97 percent) of organizations surveyed are either already using or plan to implement AI-enabled cybersecurity solutions, with threat detection and prevention cited as the top areas of interest for applying AI in cybersecurity.

But while 80 percent say AI is helping their IT and security teams become more effective, 48 percent of IT decision makers point to a lack of staff with sufficient AI expertise as the biggest challenge to successful implementation. 76 percent of organizations that suffered nine or more cyberattacks in 2024 had AI tools in place, suggesting that adoption alone isn't enough without the right expertise.

Cybersecurity is increasingly on the agenda at board level, with 76 percent of boards increasing their focus on the issue in 2024. Nearly all organizations now view cybersecurity as both a business (96 percent) and financial (95 percent) priority. However, only 49 percent of all respondents say their boards fully understand the risks posed by AI, with awareness closely linked to whether their organization is already deploying AI in its cybersecurity programs.

The full 2025 Global Cybersecurity Skills Gap Report is available from the Fortinet site.

Image Credit: Paradee Paradee/Dreamstime.com