Fortinet executives said in a World Economic Forum (WEF) post that there is currently a global shortage of approximately 4 million cybersecurity professionals, and that they expect this skills gap to widen as demand for skilled cybersecurity professionals increases steadily each year. At the same time, roughly 90% of organizations report having experienced a breach in the past year, which they attribute in part to a shortage of cybersecurity skills.
“The skills shortage is impacting companies of all sizes and across all industries,” Rob Lachotte, vice president of global training and technical field enablement at Fortinet, said in a WEF post on Tuesday. “By working together, we can develop and share actionable approaches to help any organization build a sustainable cyber talent pipeline.”
He stressed that public-private collaboration is essential to closing the cybersecurity skills gap. Just as no single organization can fight cybercrime alone, such partnerships are essential to the joint effort to address the shortage of cybersecurity professionals.
Citing data from Fortinet’s “2024 Cybersecurity Skills Gap” report, Lachotte detailed that 87% of leaders say their organizations experienced at least one security breach in 2023. More than half of respondents said breaches last year resulted in more than $1 million in lost revenue, fines and other costs.
Against this backdrop, over 70% of security leaders say their company’s board of directors is more interested in cybersecurity than ever before, providing a foundation for organizations to devote more focus and resources to building a cybersecurity talent pipeline.
Lachotte outlined three key areas organizations should focus on to develop their cybersecurity talent and fill key positions: identifying and recruiting from new cybersecurity talent pools, providing ongoing learning opportunities for existing employees, and developing a cybersecurity-savvy workforce.
When it comes to finding and recruiting from a new cybersecurity talent pool, Lachotte said more than half of organizations are struggling to recruit cybersecurity talent, adding that with an additional 4 million professionals needed to fill cybersecurity vacancies, recruiting from new talent pools is essential.
“Many organizations are already implementing their own recruiting strategies to attract new talent to the field, with over 70% of IT decision makers organizing recruiting efforts targeted at women, and 60% doing the same for minority candidates,” Lachotte says. “There are also a number of public-private partnerships aimed at providing cybersecurity educational opportunities to individuals of all backgrounds and career levels.”
The World Economic Forum’s Strategic Cybersecurity Talent Framework offers valuable guidance on attracting new talent to the profession, including prioritizing diversity and inclusion, recruiting from underrepresented groups, partnering with academic institutions to attract qualified candidates, introducing learning and career development opportunities, and nurturing talent within the profession.
Regarding the need to provide ongoing learning opportunities for existing employees, Lachotte acknowledged that while recruiting new talent into the field is important to narrowing the skills gap, organizations also need to find ways to retain their current talent. This can be done by upskilling those currently employed in cybersecurity, or reskilling individuals within the organization who have important soft skills that can be applied to cybersecurity roles.
Lachotte pointed to a Fortinet report that said employees want to learn and grow, but 50% of leaders say a lack of training and upskilling opportunities is their biggest employee retention challenge.
“Offering employees the opportunity to earn cybersecurity certifications is a great starting point, benefiting both individuals and organizations,” added Lachotte. “More than a third of cybersecurity professionals expect to earn certifications, and 89% of IT leaders say they would cover the costs for their employees to earn these certifications. Leaders value certifications, and say employees who pursue these opportunities have improved their skills and knowledge, allowing them to perform their jobs better and grow in their careers faster.”
In addition to recruiting new cybersecurity talent, Lachotte noted the need to develop a cyber-savvy workforce as a key component of any risk management strategy.
A recent Fortinet survey found that 81% of organizations faced attacks aimed directly at users, including malware, phishing, and password attacks. “When employees are aware of common risks like phishing and social engineering, they provide a strong first line of defense against attacks. In the past year, 61% of leaders said their organization discussed or conducted a security awareness training program for all employees,” the post added.
Lachotte explained that to run an effective security awareness initiative, leaders need to establish a vision for the initiative, cover relevant topics and develop a long-term strategy for delivering new content and engaging with employees.
In March, the European Union Agency for Cybersecurity (ENISA) published an executive summary of this year’s second edition of its “Cybersecurity Threat Forecast to 2030,” outlining the key findings in its top 10 rankings. The study re-evaluates the previously identified top 10 threats and their respective trends, examining developments over the past year.
Anna Ribeiro
Industry Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the fields of security, data storage, virtualization and IoT.