Organizations are increasingly attributing security breaches to a skills gap, while as a validation of current cybersecurity skills and knowledge, certifications continue to be highly valued by employers, according to Fortinet’s recent report.
Fortinet surveyed over 1,850 IT and cybersecurity decision-makers for its 2024 Global Cybersecurity Skills Gap Report. It found that 87% of organizations experienced a breach in the last year that they partially attributed to a lack of cybersecurity skills, which was an increase from 84% in the 2023 report and 80% the year prior.
Breaches have a more substantial impact on businesses
Fortinet’s report also found that breaches have a more substantial impact on businesses, ranging from financial to reputational challenges. More than half of respondents indicated that breaches last year cost their organizations more than $1 million in lost revenue, fines, and other expenses. This was up from 48% in the 2023 report and 38% from the previous year.
This year’s survey also reveals that corporate leaders are increasingly being held accountable for cyber incidents, with 51% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack.
As a result, executives and boards of directors increasingly prioritize cybersecurity, with 72% of respondents saying their boards were more focused on security in 2023 than the previous year. And 97% of respondents say their board sees cybersecurity as a business priority.
Leaders believe that certifications improve security posture
Respondents place such high value on certifications that 89% said they would pay for an employee to obtain a cybersecurity certification. 70% of respondents indicated that it is difficult to find candidates with technology-focused certifications.
As the cyber workforce shortage persists, some organizations diversify their recruitment pools to include candidates whose credentials fall outside traditional backgrounds—such as a four-year degree in cybersecurity or a related field—to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are also willing to pay for certifications and training.
83%t of respondents said their organizations have set diversity hiring goals for the next few years —in line with last year’s report, but slightly down from 89% in 2021.
Despite ongoing recruitment targets, female hires are down to 85% from 89% in 2022 and 88% in 2021; hires from minority groups remain unchanged at 68% and up slightly from 67% in 2021; and veteran hires are up slightly to 49% from 47% in 2022, but down from 53% in 2021.
Despite many respondents saying they value certifications, 71% of organizations still require four-year degrees, and 66% hire only candidates with traditional training backgrounds.
Organizations are focusing on a three-pronged approach to cybersecurity
The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises. As a result, organizations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:
- Help IT and security teams obtain vital security skills by investing in training and certifications needed to achieve this goal.
- Cultivate a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.
- Use effective security solutions to ensure a strong security posture.
“The results from our latest Global Cybersecurity Skills Gap Report highlight the critical need for a collaborative, multi-faceted approach to closing the skills gap. To effectively mitigate risk and combat today’s complex threats, organizations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce,” said John Maddison, CMO at Fortinet.
Source: Fortinet