According to (ISC)2, the global cybersecurity workforce needs to grow 65 per cent to effectively secure critical assets. While the number of professionals required is trending down (3.12 million down to 2.72 million), a significant gap remains, leaving many organizations vulnerable.
Fortinet has been sounding the alarm about the persistent cybersecurity skills gap for years. It is why the Fortinet Training Institute exists: to provide certification and training in the growing field of cybersecurity. Recently, Fortinet released a report that sounds the alarm once again on how the cybersecurity skills gap impacts organizations.
Fortinet’s 2022 Cybersecurity Skills Gap Report highlights how this gap is increasing the number and severity of security breaches. As organizations recognize this growing risk, the gap is no longer just an IT or Human Resources problem but a top priority for the C-suite and a problem that needs a top-down solution.
Every organization is at risk
Based on a global survey of more than 1200 IT and cybersecurity decision-makers from 29 different locations, Fortinet’s report illustrates the risks of the cybersecurity skills gap. It identifies that eight in 10 organizations surveyed experienced at least one breach due to a lack of cybersecurity skills or awareness.
Globally, 64 per cent of organizations suffered breaches that resulted in revenue loss or recovery costs – and 38 per cent reported costs of more than a million dollars (USD). A full 20 per cent reported an astounding five or more breaches.
As the risk and the cost of cybersecurity breaches increase, senior leaders are paying more attention. According to the survey results, 76 per cent of organizations have a board of directors who has recommended increases in IT and cybersecurity headcount. Unfortunately, growing an organization’s cybersecurity team is often challenging.
Good talent is hard to find (and keep)
The Fortinet survey respondents shared that their organizations struggle to find certified cybersecurity people. While most organizations (67%) see the shortage of qualified cybersecurity candidates as a risk for their organization, many (60%) still struggle to find suitable hires, and over half (52%) struggle to retain them.
Today, organizations need cybersecurity professionals with a broad range of security and IT-related roles and specializations. The challenge is finding the right people with the right skill sets to fit each organization’s needs. As the impact of the skills gap grows, access to training and certification is an important way the sector can begin to grow the number of qualified candidates. Another impactful strategy is introducing diversity programs to bring under-represented groups like women and newcomers to Canada into the field.
Certification pays off
The Fortinet report shows that almost all organizational leaders (95%) surveyed believe technology-focused certifications positively impact their team, while 81 per cent prefer to hire people with certificates. Nearly 80 per cent of those surveyed said certifications increased cybersecurity knowledge and awareness. The benefits of certified staff are such that 91 per cent of respondents said they were willing to pay for an employee to earn a cybersecurity credential.
Education providers and industry leaders are stepping forward to help prepare the cybersecurity workforce, but more work must be done to accelerate training and remove barriers. In addition to prioritizing hires with certifications, 87 per cent of organizations have implemented internal training programs on cyber awareness for all employees. Designed to create a cyber aware culture within a company, these training programs may not always be effective. In fact, 52 per cent of leaders surveyed believe employees still lack the necessary knowledge. Of those without a program in place, 66 per cent report they are currently looking for a program that would suit their needs. Programs like Fortinet’s Security Awareness and Training service and regular cyber-threat updates from Fortinet’s FortiGuard Labs are one way organizations can help employees support efforts to prevent security breaches and significant improve their security posture.
Cybersecurity is a team effort
Cybercriminals are developing attacks faster than ever, and they are using sophisticated cybercrime strategies that do more damage. Fortunately, organizations are making deliberate efforts to improve cybersecurity and put in place qualified and empowered teams. While the right people with the right skill sets are critical for operational security, success is also determined by pairing those teams with the right technologies. A combination of people, process and technology are the best defense for any organization. When all three work together effectively the result can be a significanly improved security posture and reduced cyber risk.
Rob Rashotte is Vice President, Global Training & Technical Field Enablement at Fortinet