Summary Bullets:
• Cybersecurity threats are increasing.
• The preferred solution to increasing cybersecurity risks is certifications for IT staff as well as security awareness training for all staff.
Cybersecurity is hard. A lack of skills, education, and modern security products and architectures makes it worse.
Fortinet’s latest 2024 Cybersecurity Skills Gap report backs that up and brings to light a few other contributing factors. Fortinet got responses from 1,850 decision-makers in technology, manufacturing, and financial services spread out fairly evenly across the globe. Overall, the survey shows that training for IT professionals and end users is the highest priority. Further, it shows that there needs to be more education – the skills gap is huge and makes it difficult for enterprises, governments, and institutions to hire the skilled people they need. This is all accentuated by a worsening environment of threats and consequences.
Of particular interest were the responses to the question of corporate leaders being held accountable after an attack or breach: 51% of respondents indicate that leaders faced consequences including fines, loss of employment, loss of position, or even jail time. The survey shows that an astounding 87% of surveyed enterprises experienced one or more breaches in 2023. Further, the survey indicates that those numbers have been rising since 2021, as have the financial costs of breaches. The number of organizations that report breaches with no financial cost has been shrinking as well.
Unsurprisingly, corporate boards are showing increased interest in cybersecurity. Rising risks to the business, more costly breaches, and more frequent personal penalties are all factors. The survey concludes that boards nearly unanimously consider cybersecurity a business priority. However, it indicates that only a little over half of those same boards are discussing hiring or have hired more IT/security professionals.
People are the Problem
These survey results show that a lack of IT staff training (64%) and business staff training (61%) are considered the most likely causes of a breach, closely followed by a lack of cybersecurity products (59%). The survey also indicates that the preferred solution to increasing cybersecurity risks is certifications for IT staff and security awareness training for all staff. Even experienced IT professionals make mistakes or cut corners in pressure situations. For business staff, cybersecurity isn’t the first thing on their minds when they begin a day’s work: they have their own tasks, priorities, and problems to solve. Training, refreshers, and reminders about good cybersecurity habits are a must.
Further, the survey indicates that 70% of respondents find it increasingly difficult to find certified security staff, and they believe that difficulty increases cybersecurity risks. Enterprises are willing to change hiring standards and invest in training and certifications to fill the skills gap in new cybersecurity hires.
The Fortinet survey provides good information, and IT professionals should use it to help inform and educate their own chain of command. There is a pervasive reflex in business to ‘right-size’ investments in people, training, and solutions – particularly among those who are not paying close attention to current cybersecurity conditions. In the realm of cybersecurity, that approach needs to be set aside. Cybersecurity threats are increasing. Enterprises need better training, more skills and skilled personnel, and modern cybersecurity solutions with modern architectures.

