Fortinet report reveals cybersecurity hiring stalls as nearly half of IT leaders face corporate pushback – Intelligent CISO

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

As cyberthreats continue to grow in scale and sophistication, organisations are facing a widening cybersecurity skills gap that is increasing business risk and exposing critical vulnerabilities. New research from Fortinet highlights the urgent need for greater investment in cybersecurity talent, AI-related skills and workforce development to strengthen resilience against an increasingly complex threat landscape.

Fortinet, a global cybersecurity leader driving the convergence of networking and security, has released the 2026 Global Cybersecurity Skills Gap Report, revealing the emerging and persistent challenges organisations face as they grapple with ongoing cybersecurity skill shortages and the ever-evolving threat landscape. The global survey’s key findings include:

• The lack of cybersecurity skills – stemming in part from insufficient investment in cybersecurity talent – remains a top cause of devastating security breaches.• Although cyber defenders are effectively leveraging AI-powered tools, upskilling and reskilling are necessary to fully reap the benefits from these advanced technologies.• Despite gaps in investment, intentional efforts are being made to attract and retain top-tier cybersecurity talent.

“Cybersecurity is not simply a technical issue but a strategic business risk. This year’s survey suggests that while boards generally recognise the importance of cybersecurity, more investment is needed to address key issues, such as emerging AI risks and the ongoing cybersecurity skills shortage. Addressing these issues is critical to business resilience in an increasingly complex threat landscape,” said Carl Windsor, CISO at Fortinet.

Amid high stakes, cybersecurity must be prioritised

A lack of cybersecurity skills remains a top cause of devastating security breaches in enterprises. The global survey revealed:

• The stakes are high: Eighty-six percent of organisations report one or more breaches in the past 12 months. Fifty-two percent say breaches cost them more than US$1 million – up from 38% in 2021. Breaches cost most in North America, with US$2 million being the average cost of a breach.• Lack of cybersecurity skills remains a top concern: For the third consecutive year, IT leaders cited lack of cybersecurity skills as a top cause of security breaches (56%). Fifty-one percent say that they need senior-level cybersecurity skills most of all, yet 49% struggle to get approval for additional cybersecurity talent. This is surprising as 50% say executives and even board members have faced penalties after a cyberattack, underscoring the risk.

Employees’ use of AI creates new cybersecurity challenges that boards fail to understand. The report showed:

• AI deployment in the enterprise creates risk: Employee use of AI poses a risk that people don’t fully understand. Only half (50%) of leaders believe their board members are ‘fully aware’ of potential risks from AI use.• A new skills gap may emerge: As AI adoption continues, 63% expect more need for AI oversight and governance roles on cybersecurity teams over the next three years.

Despite the gaps in investment, investment in certifications is up year-over-year (YoY). Findings from the report demonstrated the following:

• Willingness to pay for certifications is up: Ninety-two percent revealed they would pay for an employee to get certified, up from 73% of respondents in the 2025 report.• Dedicated initiatives to identify and nurture talent: To source talent from underrepresented groups, 92% use internships, apprenticeships, partnerships and programmes. Seventy-one percent report formal hiring targets for underutilised talent pools.

AI for cybersecurity creates opportunities and challenges

AI-powered cybersecurity tool adoption is widespread as decision-makers see its potential to support cybersecurity teams with their operations. The survey findings revealed:

• Broad adoption of AI-powered security tools: Ninety-one percent of respondents are using or experimenting with AI-powered cybersecurity solutions. Scepticism or uncertainty about AI for cybersecurity is 38%, down from 43% in last year’s report.• AI supports today’s IT and security professionals: Eighty-four percent say AI-enhanced security tools are helping IT and security teams be more effective and efficient. This is critical, as cyber defenders and cybercriminals are now equipped with the same technology; 44% of respondents cited defending against AI cybersecurity attacks as a top concern.

AI is widening the cybersecurity skills gap. At the same time, there are multiple efforts to overcome it. Survey respondents shared the following:

• Investment in skills development: Sixty percent of respondents say their top recruiting challenge is finding cybersecurity talent with specific experience in AI. Today, 92% are likely to invest in AI-related cybersecurity training or certifications in the next 12 months.• Implementing programmes for reskilling: Organisations say they require staff with new skillsets to support their adoption of AI, including: AI model development (55%), AI tool oversight (54%) and security automation (52%). Fifty-nine percent of organisations are developing internal training or reskilling programmes to support AI adoption, while 52% are procuring training or reskilling from industry vendors.

Business resilience requires investment in closing the cybersecurity skills gap

Board and executive-level investment in a layered approach to cybersecurity – one that blends people, processes and technology – is essential. Organisations should continue tapping into underutilised talent pools and investing in training and upskilling to build and retain the expertise they need. This requires a coordinated approach grounded in three key pillars: raising awareness and education, expanding access to targeted training and certification, and deploying advanced security technologies.

To help organisations address the challenges they face as a result of the cyber skills gap, the award-winning Fortinet Training Institute provides one of the largest and broadest training programmes in the industry to make cyber training and new career opportunities available to everyone and includes a Security Awareness Training service for organisations to develop a cyber-aware workforce.

As part of Fortinet’s commitment to addressing this growing challenge, Fortinet is on track to train one million people in cybersecurity around the world this year, a pledge that began in 2022.