By Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet
With nearly 4 million professionals needed to fill critical cybersecurity roles, organizations around the globe are feeling the impact of the ongoing skills gap. Breaches can rarely be attributed to a single cause, yet 58% of leaders indicate that a lack of IT and cybersecurity skills and training within their organization contributes to security incidents.
All it takes is a single cyber incident to open any organization to new threats and vulnerabilities. For example, following a breach, threat actors now have valuable insights about an enterprise’s environment that they can use to craft a new attack. Others may attempt to capitalize off a previous breach, viewing a recently compromised organization as low-hanging fruit. While understanding and taking steps to mitigate these risks is crucial, what is often even more concerning, especially to those in C-level positions and on the board of directors, is the potential impact these incidents can have on business operations.
That’s why closing risk management strategy gaps, including addressing critical resources like staffing, is vital to protect any organization effectively.
The Skills Gap Increases Cyber Risks, Leading to New Threats and Vulnerabilities
Cybercriminals continue to advance their operations, refining well-known attack methods and using generative AI to speed their efforts. Therefore, it’s not surprising that cybersecurity incidents are rising worldwide. According to Fortinet’s 2024 Cybersecurity Skills Shortage Report, almost 90% of businesses experienced one or more security breaches last year, up from 84% in 2024 and 80% in 2021. The dire need for skilled cybersecurity professionals puts businesses at a disadvantage: Nearly three-quarters of leaders agree that the cybersecurity skills gap creates additional risks for their enterprise.
Breaches are equally common across all regions, with the average number of breaches per organization in Asia Pacific being the highest (3.18) and Latin America being the lowest (2.79). And the percentage of organizations that report suffering no breaches at all continues to shrink—just 13% of businesses had zero breaches in 2023 compared to 15% the year before and 20% in 2021.
As Breaches Rise, the Threat Landscape Remains Familiar
While organizations increasingly fall victim to cybercriminals, the attacks used to compromise networks are familiar to defenders.
Malware, phishing, and web attacks combined accounted for 80% of all attacks organizations experienced yearly. Password attacks were more common in North America, and leaders in APAC experienced a higher percentage of phishing and web attacks than in other regions.
Cyber Incidents Have Far-Reaching Impacts
Cybersecurity incidents have increasingly significant impacts on organizations, ranging from financial to reputational challenges. More than half (53%) of leaders say breaches cost their organizations over $1 million in 2023, with North America and APAC reporting the most financially damaging attacks. Regarding recovery time, 63% said it took more than one month to bounce back from a cyberattack, with the average time being nearly three months.
In addition to monetary ramifications and lengthy recovery times, corporate leaders are held accountable when breaches occur: 51% of IT and security leaders say that board members or executives have faced fines, jail time, loss of their position, and loss of employment following a cyberattack.
A Robust Cybersecurity Program Requires Technology, Training, and Awareness
The stakes are high for organizations when it comes to cybersecurity. Breaches continue to take a financial toll, and senior leaders are sometimes penalized when they happen. With the growing skills gap creating additional risks for organizations, many businesses are embracing new, creative approaches to recruiting, hiring, and retaining skilled professionals. It’s encouraging that leaders pursue unique initiatives and collaborate across the public and private sectors to address this challenge, as this is a crucial piece of the puzzle when it comes to strengthening an organization’s overall defenses.
Given these complexities, organizations should focus on a three-pronged approach to cybersecurity that blends technology, training, and awareness. Fortinet offers the most extensive integrated portfolio of over 50 enterprise-grade products through our Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the industry’s broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to everyone and offering current professionals the chance to advance their skill sets. The institute offers a variety of free and low-cost education and certification programs, unique initiatives to upskill and reskill individuals from diverse backgrounds, and more. The Fortinet Training Institute also has a Security Awareness Training offering designed to help organizations cultivate a more cyber-aware workforce.
Cybercriminals aren’t slowing down anytime soon, making cybersecurity an “all hands on deck” effort for every organization. Highly skilled professionals with access to the right cybersecurity technologies are essential to protecting businesses from breaches, as is having cyber-aware employees who can serve as a solid first line of defense. By refreshing and strengthening distinct aspects of a risk management strategy, an enterprise will be better positioned to defend against the speed and volume of today’s attacks.