Beyond hiring: tackling the cybersecurity skills gap in the age of AI
Beyond hiring: tackling the cybersecurity skills gap in the age of AI
Publish Date: 2026-06-30 08:44:00
Source Domain: www.newstatesman.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Image by DETHAL/Shutterstock
The cybersecurity skills gap is hardly a new phenomenon. For years, organisations have warned that demand for cyber professionals is outstripping supply, while increasingly sophisticated threats continue to raise the stakes of getting security wrong.
Fortinet’s 2026 Cybersecurity Skills Gap report suggests those pressures are far from easing. More than half of organisations say they most urgently need senior-level cybersecurity talent, while cybersecurity skills and security awareness continue to be identified as the leading causes of breaches. At the same time, the growing prevalence of artificial intelligence is creating an entirely new set of workforce demands.
The global report’s findings also suggest a sector in something of a transition. More than nine in ten organisations are already using or experimenting with AI-powered cybersecurity solutions, while 84 per cent say AI-enhanced tools are making security teams more effective and efficient.
Yet 60 per cent report that their biggest recruitment challenge is finding cybersecurity talent with AI expertise, and 63 per cent expect to need more AI oversight and governance roles within the next three years.
Subscribe to the New Statesman for £1 a week
White Paper
Cybersecurity Skills Gap 2026
By FORTINET
Enter your details to receive the free white paper:
Country*
United Kingdom
United States
Afghanistan
Åland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
Congo, The Democratic Republic of
The
Cook Islands
Costa Rica
Cote Divoire
Croatia
Cuba
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-bissau
Guyana
Haiti
Heard Island and Mcdonald Islands
Holy See (Vatican City State)
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran, Islamic Republic of
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Democratic Peoples
Republic of
Korea, Republic of
Kuwait
Kyrgyzstan
Lao Peoples Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libyan Arab Jamahiriya
Liechtenstein
Lithuania
Luxembourg
Macao
Macedonia, The Former
Yugoslav Republic of
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States of
Moldova, Republic of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestinian Territory, Occupied
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Pierre and Miquelon
Saint Vincent and The Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Georgia and The South
Sandwich Islands
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syrian Arab Republic
Taiwan, Province of China
Tajikistan
Tanzania, United Republic of
Thailand
Timor-leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying
Islands
Uruguay
Uzbekistan
Vanuatu
Venezuela
Viet Nam
Virgin Islands, British
Virgin Islands, U.S.
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
By downloading this whitepaper, you acknowledge that Progressive Media Investments may share your information with our white paper partners/sponsors who may contact you directly with information on their products and services.
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
Download free white paper
Thank you.
Please check your email to download the white paper.
For Chris Parker, Director, Government Strategy at Fortinet, the relationship between AI and cybersecurity skills requirements is more nuanced than many assume. It is neither a catch-all automated solution for recruitment woes, or existential crisis for a sector already grappling with a shortage of in-house expertise.
“A lot of people struggle with AI and the concept at the moment,” he says. “Effectively, AI is an enabler which allows things to happen faster, sometimes more efficiently. But that’s true for bad people, as well as good people defending society.”
The challenge, he argues, is not that every employee must become an AI specialist. Instead, organisations need to develop a baseline level of AI literacy across their workforce. Drawing an analogy with touch typing, Parker notes that while some people become experts, most simply need to understand how to use the tool effectively.
“As long as you know the ability of that tool, that’s the piece that most of us have to get to grips with now,” he says.
This distinction matters because AI is increasingly being viewed as both part of the solution and part of the problem. The report found that 42 per cent of respondents would trust AI to handle core security functions independently, while a further 41 per cent would trust it with limited human oversight.
Those findings raise an obvious question: are organisations embracing AI because they trust it, or because they lack the people needed to perform these tasks manually?
Parker acknowledges the danger of seeing AI as a magic bullet, but believes familiarity with its capabilities is building genuine confidence. As AI continues to become embedded within everyday workflows, he argues, that confidence will continue to grow. It also reflects a broader pattern seen throughout technological change.
Yet AI adoption alone will not solve the sector’s long-standing talent shortage. If anything, the speed of technological change has increased the need for continuous training and workforce development.
“If there’s one recommendation I can give, it’s to have a skills training programme for AI in parallel to adoption,” Parker says. Organisations should identify internal champions, invest in workforce development and recognise that learning is not confined to younger generations.
“I’ve been delighted to see people with 20 or 30 years’ experience moving quite rapidly into the use of AI with a bit of personal training and skills effort.”
The report’s findings suggest that many organisations are beginning to recognise this need. 92 per cent say they are likely to invest in AI-related cybersecurity training or certifications over the next year, while 87 per cent expect their cybersecurity teams to grow.
However, the shortage of experienced talent remains a significant challenge. Rather than viewing this solely as a recruitment issue, Parker believes organisations should think differently about how expertise is sourced and deployed.
“There is, of course, a limited amount of such people and expertise in the market,” he says. “As everyone digitises more, there’ll be more spaces needing those people.”
Part of the answer, he continues, lies in managed services and specialist partners. Just as organisations routinely outsource fleet management, payroll or legal services, many cybersecurity responsibilities can be delegated to trusted providers. The crucial distinction is between responsibility and accountability.
“Accountability will always sit within one person in the organisation,” Parker explains. “But the responsibility could well be delegated to several support and service organisations.”
This perspective becomes particularly relevant when considering one of the report’s more striking findings. For the third consecutive year, respondents identified a lack of cybersecurity skills and security awareness as the leading causes of security breaches, ahead of shortages in security products or technology. 56 per cent cited insufficient cybersecurity skills, while 55 per cent pointed to poor security awareness. The challenge is as much cultural as technical.
“Until not so long ago, it’s largely been a voluntary or wise decision to ensure cybersecurity skills are kept up to date,” Parker says. “However, with regulation and legislation increasing, boards are now taking much more notice of it.
“Those in accountable governance positions over AI linked systems clearly need to have adequate understanding of AI themselves and be aware where and how AI is used in their organisation.”
A major piece of the puzzle is broadening the talent pipeline itself. The report found that 71 per cent of organisations now have formal targets for hiring from underutilised talent pools – a drum that Parker, and Fortinet more broadly, have been beating loudly for some time.
He reels off a long list of industries and demographics that should be more vigorously explored, citing significant opportunities beyond traditional recruitment channels that include veterans transitioning from military careers, school outreach programmes, and work-experience schemes as valuable sources of future talent.
“A piece of paper doesn’t necessarily tell you much about an individual,” he says. “Often good talent can be missed.”
As new technologies reshape the cybersecurity landscape, organisations must rethink not only the tools they use, but also how they find and develop the people responsible for using them.
Download Fortinet’s 2026 Cybersecurity Skills Gap report here
Related
