September 12, 2022 By Jennifer Gregory 2 min read

The skills gap in cybersecurity isn’t a new concern. But, new research revealed in Fortinet’s 2022 Cybersecurity Skills Gap report confirmed what many experts have assumed. The skills gap increased risk and was likely the direct cause of at least some breaches.

Data for the survey was collected from 1,223 IT decision-makers in countries across the globe. The majority of the respondents were C-level executives (34%) or directors (34%), with the remaining responses coming from a variety of positions, including owners, vice presidents and department heads.

Breaches due to skills gap

The most surprising finding: 80% of respondents had at least one breach marked down to the lack of cybersecurity skills or awareness. In addition, 64% of the surveyed companies lost revenue or paid fines as a result of the breaches.

Overall, 67% of respondents agreed that the shortage of qualified cybersecurity candidates increases the risk. However, the report found that the concern level wasn’t equal. Leaders from France (81%), North America (77%) and Hong Kong (77%) showed the highest level of concern and believe that skills shortages pose extra risks.

Skills gap leads to hiring and retention challenges

The skills gap showed up in both hiring and retaining talent, with 60% reporting that they struggle to recruit. Plus, 52% struggled to retain qualified workers. The most challenging positions to hire for due to the skills gap included cloud security (57%), security operations (50%) and network security (49%). Hiring new graduates showed the fewest problems, with only 24% struggling in this area.

However, the report also found some positives. Most notably, over the past three years, most (88%) of the surveyed organizations hired more female cybersecurity workers, and 67% hired more employees from minority groups. In addition, 53% sought out and hired more veterans.

Reducing the impact of the skills gap

The skills gap is a complex problem. It doesn’t have a solution that works across the board. Organizations and the industry can help, though.

  1. Consider remote work when hiring for positions. Organizations used to be limited to hiring employees living within commuting distance from the office. Most companies now have remote working processes and tools. Carefully consider whether each open position — especially those that need highly specialized skills — could be a remote position. By removing location restrictions, you can access a much larger number of candidates for each position.
  2. Carefully evaluate degree standards. Many cybersecurity positions do not require college degrees, but employers limit their candidates by requiring them. Consider how certifications and digital badges can show real-world skills. These are often a better measure of expertise than more general degree programs.
  3. Increase internships and apprenticeships. The key to reducing the skills gap starts with hiring more younger workers. Internships or apprenticeships create a funnel of qualified applicants.

The cybersecurity skills gap can have a big impact on an organization through breaches and fines. By knowing how it works, businesses can make reducing the skills gap and filling open positions a high priority. The cybersecurity skills gap isn’t just a human resource issue, it should be an organization-wide concern.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today