CISO ME Issue 01 | Page 28

F
SKILLS

The growing disconnect between cyber-risk and hiring

ortinet has released the 2026

F

Global Cybersecurity Skills Gap
Report, revealing the emerging and persistent challenges organisations face as they grapple with ongoing cybersecurity skill shortages and an evolving threat landscape.
The report found that a lack of cybersecurity skills, stemming in part from insufficient investment in cybersecurity talent, remains a leading cause of damaging security breaches. While cyber defenders are effectively leveraging AI-powered tools, upskilling and reskilling remain essential to fully realise the benefits of these technologies. Despite investment gaps, organisations are making deliberate efforts to attract and retain cybersecurity talent.
“ Cybersecurity is not simply a technical issue but a strategic business risk. This year’ s survey suggests that while boards generally recognise the importance of cybersecurity, more investment is needed to address key issues, such as emerging AI risks and the ongoing cybersecurity skills shortage. Addressing these issues is critical to business resilience in an increasingly complex threat landscape,” said Carl Windsor, CISO at Fortinet.
The survey revealed that 86 % of organisations experienced one or more
The survey found that 92 % of organisations would pay for employees to gain certifications, up from 73 % in the 2025 report. breaches during the past 12 months, with 52 % reporting losses exceeding US $ 1 million, up from 38 % in 2021. Breaches were most costly in North America, where the average cost reached US $ 2 million.
For the third consecutive year, IT leaders identified a lack of cybersecurity skills as a leading cause of breaches, cited by 56 % of respondents. More than half( 51 %) said seniorlevel cybersecurity expertise is their greatest need, yet 49 % struggle to secure approval for additional cybersecurity talent. Notably, 50 % said executives and board members had faced penalties following a cyberattack.
The report also highlights growing concerns around AI. Employee use of AI introduces risks that many organisations do not fully understand, with only 50 % of respondents believing their boards are fully aware of the potential risks associated with AI use. Looking ahead, 63 % expect increased demand for AI oversight and governance roles within cybersecurity teams over the next three years.
Encouragingly, investment in certifications continues to rise. The survey found that 92 % of organisations would pay for employees to gain certifications, up from 73 % in the 2025 report. In addition, 92 % use internships, apprenticeships, partnerships and other programmes to attract talent from underrepresented groups, while 71 % have formal hiring targets for underutilised talent pools.
AI-powered cybersecurity tools are now widely adopted, with 91 % of respondents either using or experimenting with AIenabled security solutions. Skepticism around AI for cybersecurity has declined to 38 %, down from 43 % last year. Furthermore, 84 % said AI-enhanced security tools are
Carl Windsor, CISO at Fortinet
helping IT and security teams become more effective and efficient.
However, AI is also widening the skills gap. Sixty per cent of respondents identified finding cybersecurity professionals with AI expertise as their top recruitment challenge. As a result, 92 % plan to invest in AI-related cybersecurity training or certifications over the next 12 months. Organisations are also developing new capabilities in AI model development( 55 %), AI tool oversight( 54 %) and security automation( 52 %). Meanwhile, 59 % are creating internal training and reskilling programmes, while 52 % are sourcing training from industry vendors.
The report concludes that organisations must adopt a layered approach to cybersecurity that combines people, processes and technology, while continuing to invest in awareness, training, certification and advanced security technologies to close the skills gap and strengthen resilience.
28 WWW. INTELLIGENTCISO. COM / MIDDLE-EAST