Fortinet: IT Skill Gaps Drive Cybersecurity Breaches

A Fortinet's report links security breaches to a lack of awareness of digital risks and unsatisfactory skills among IT teams, highlighting the urgency of investing in cybersecurity inside the companies, stressing the need for greater cybersecurity investment.

Fortinet's 2024 Cybersecurity Skills Gap report revealed that the main causes of security breaches are a lack of skills and training among IT and security personnel (58%), a lack of security awareness within the organization (56%), and a shortage of cybersecurity products (54%). In addition, 70% of respondents believe that a shortage of cybersecurity skills creates additional risks. Furthermore, 62% of IT managers identify the biggest challenge is finding candidates with specific expertise in network and security engineering.

“These figures highlight the importance of fostering a culture of cybersecurity at all levels of the organization, regardless of the position or role of each collaborator, as 56% of cyber-attack cases are attributed to a lack of awareness of digital risks. In addition, 58% of organizations admit that their IT and security staff lack the necessary skills and training,” said Manuel Moreno, CISO, IQSEC via a press release. 

The shortage of candidates with the appropriate network and security engineering experience poses an additional concern. Sixty-two percent of IT managers consider this gap their biggest challenge. Moreover, the World Economic Forum estimates a current global shortfall of 4 million cybersecurity professionals needed to meet market demands.

To address this scenario, Moreno emphasizes the importance of considering managed service solutions such as Security Operations Centers (SOCs) and Virtual Chief Information Security Officers (CISOs) as viable alternatives. These options enable organizations to leverage a pool of specialists without making long-term investments in internal staff. Such initiatives optimize resources and strengthen companies' security postures, ensuring a more effective response to cyber threats in a constantly evolving environment.

These recommendations take on added relevance in the wake of Fortinet's survey statistics, which reveal the significant costs associated with security breaches. Eighty-seven percent of respondents reported experiencing at least one security breach by 2023. Sixty-three percent indicated that recovery from a cyberattack took more than a month, while 53% reported that breaches cost them more than US$1 million in lost revenue, fines, and other expenses

“It is critical that senior management recognizes that cybersecurity transcends the technical aspects and becomes a critical business continuity issue,” said Moreno. “Investment in cybersecurity should be seen as an essential strategy to ensure the sustainability and growth of organizations in a digitized and vulnerable environment. Companies that take a proactive approach to cybersecurity will not only protect their assets, but also strengthen their reputation and trust in the marketplace.”

Moreover, at the boards of directors’ level, organizations are implementing measures to address this scenario. These measures include mandatory training or certifications for IT and security personnel (64%), security awareness training for all employees (61%), and the procurement of security solutions (59%). In addition, 72% of respondents indicated that their boards are more focused on cybersecurity in 2023 than in the previous year.

Moreno also emphasizes the importance of making cybersecurity decisions within a multidisciplinary team that includes senior management, such as the CEO and CFO. These executives are responsible for allocating the necessary resources to mitigate risks, as they hold the responsibility for ensuring that adequate resources are directed towards effective risk management.