Fortinet 2023 Skills Gap Report: How organizations can fill the talent shortage

The ongoing cybersecurity talent shortage presents challenges for organizations everywhere. As critical roles remain vacant far too long, already overburdened IT and security teams are grappling with a long list of responsibilities to safeguard their corporate networks, and that’s just the tip of the iceberg. Meanwhile, cybercriminals show no signs of slowing, launching new, more sophisticated attacks at every turn. As a result, IT and security leaders are facing the perfect storm: They’re navigating an unprecedented increase in cyber threats while simultaneously searching for skilled professionals to fill essential positions.

Historically, organizations have sought “traditional” candidates to fill cybersecurity roles—those with a degree in a related field or prior cyber work experience. Yet with a cybersecurity workforce gap of 3.4 million people, the recruiting strategies of the past aren’t sufficient to attract and retain the new talent the industry desperately needs. With breaches becoming increasingly common and costly, more than two-thirds of business leaders (68%) say that unfilled IT and security positions pose a significant risk to their enterprises.

To gain greater insight into how the cybersecurity skills gap is impacting organizations and the unique approaches they’re taking to recruit for critical positions, Fortinet conducted its 2023 Global Cybersecurity Skills Gap Report. We surveyed over 1,800 IT and cybersecurity decision-makers across 29 countries, with respondents working in a range of industries, such as technology (21%), manufacturing (16%), and financial services (13%).

Here’s a look at key findings from the report that security and IT leaders should keep in mind as they search for new talent to protect their organizations effectively.

Breaches are rising as executives worry about unfilled cyber roles

As cybercrime becomes more sophisticated and widespread, businesses of all shapes and sizes are more likely to experience a breach today than ever before. In the past year, 84% of organizations surveyed said they fell victim to a cyberattack, a slight increase from 2021. What’s more unsettling is that nearly a third of enterprises confirmed they suffered five or more breaches representing a 53% increase over the previous year.

The fallout from these breaches can be massive. They’re often complicated and time-consuming for security and IT teams to fix and place an unnecessary financial strain on the company. According to the report, nearly 50% of organizations suffered breaches in the past 12 months that cost more than $1 million to remediate, an increase from last year.

It’s not surprising, then, that corporate executives and their board of directors are increasingly concerned about this rise in breaches and the growing cybersecurity talent gap. Data shows nearly all business leaders are being asked by their boards about the initiatives in progress to protect the organization from cyberattacks. At the same time, more boards are advocating for hiring more IT and security staff—respondents indicated that 83% of their boards suggested increasing headcount, which is up from 76% in 2021. Yet organizations say that cloud security (44%) and security operations (44%) roles are the toughest to fill.

These executives have good reason to be worried about understaffed IT and security teams: 65% of organizations expect the volume of cyberattacks to increase over the next 12 months, which makes filling crucial cybersecurity positions an even more urgent issue.

Organizations are embracing unique strategies to recruit and retain new talent

Enterprises need to embrace new strategies to recruit and retain new cybersecurity talent, looking beyond only those professionals with previous related work experience. Many individuals possess skills and traits—such as strong analytical skills—that are highly relevant to cybersecurity.

By broadening recruiting efforts to consider individuals with cybersecurity training and certifications—instead of related work experience—employers can fill these critical cybersecurity roles more quickly. Data shows that IT and security leaders highly value certifications and trainings. Ninety percent of business leaders prefer hiring individuals with technology-focused certifications, and 72% said hiring certified professionals has increased security awareness and knowledge within their organization.

Another finding from the report focuses on increasing access to training opportunities for those in untapped talent pools, particularly women, minorities, and military veterans. It’s encouraging to see that 83% of organizations incorporate diversity-related goals into their hiring practices, yet 40% of respondents still indicated that finding qualified candidates from those underrepresented groups remains a challenge.

Despite these efforts, organizations are hiring women and minorities at about the same rate as last year, and the number of businesses hiring veterans decreased by 6% from 2021 to 2022.

Training and certification programs are crucial for attracting more diverse candidates

As cybercrime flourishes, filling critical roles is table stakes for the IT and security teams tasked with protecting their corporate networks. Embracing training and certification programs is an excellent way to attract a more diverse group of candidates to cybersecurity and find qualified individuals to fill essential positions sooner than later.

Fortinet is committed to training a million people in cybersecurity by 2026 in an effort to shrink the skills gap. To help increase access to training and certifications, the Fortinet Training Institute offers industry-leading training and certifications for current and aspiring security professionals interested in learning foundational skills to help them progress in IT and security careers.

Programs like this one offer organizations access to a broader talent pool of individuals who want to upskill or reskill to jump-start or advance their careers. The result is a win-win: Enterprises can grow their IT and security teams—and decrease the chances their current staff members will burn out—while individuals from all backgrounds can pursue new opportunities in cybersecurity. Embracing these unique recruiting strategies is the only way to shrink the cybersecurity skills gap, help organizations find the necessary talent, and guard against increasing cyber threats.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are increasing access to training to help solve the cyber skills gap.