4 in 5 breaches due to cybersecurity skills gap 

The cybersecurity skills shortage continues to have multiple challenges and repercussions for organisations, including the occurrence of security breaches and subsequently loss of money, according to the 2022 Cybersecurity Skills Gap report from Fortinet.

As a result, the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. The report also suggests ways the skills gap can be addressed, such as through training and certifications to increase employees’ education.  

The survey was conducted among more than 1,200 IT and cybersecurity decision-makers from 29 different locations. 

Fortinet’s report shows multiple risks resulting from the cybersecurity skills gap. Most notably, four in every five organisations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness. 

The survey also showed that globally 64% of organisations experienced breaches that resulted in loss of revenue, recovery costs and/or fines. 

Given the increasing costs of breaches on organisations’ profits and reputation, cybersecurity is becoming more of a board level priority. 

Globally, 88% of organisations that have a board of directors reported that their board asks questions specifically about cybersecurity. Also, 76% of organisations have a board of directors who has recommended increases in IT and cybersecurity headcount. 

Further, 95% of leaders believe technology-focused certifications positively impact their role and their team, while 81% of leaders prefer to hire people with certifications. 

Additionally, 91% of respondents shared they are willing to pay for an employee to achieve cyber certifications. One major reason for certifications being highly regarded is due to their validation of increased cybersecurity knowledge and awareness.

Beside valuing certifications, 87% of organisations have implemented a training program to increase cyber awareness. However, 52% of leaders believe their employees still lack necessary knowledge, which raises question around how effective their current security awareness programs are.