Cyber skills shortage & rising AI use drive higher breach costs

Fortinet has published its 2025 Global Cybersecurity Skills Gap Report, revealing ongoing and emerging challenges posed by a shortage of cybersecurity professionals and the impact of artificial intelligence (AI) within organisational security postures.

The report's findings are based on a global survey of over 1,850 IT and cybersecurity decision makers across 29 countries, representing industries such as technology, manufacturing, and financial services. According to the research, a widespread reliance on AI both as a defensive and offensive tool is accompanied by a distinct lack of AI expertise, leaving organisations vulnerable.

AI adoption amid skills shortage

The survey shows 97 per cent of organisations have already implemented or intend to implement AI-enabled cybersecurity solutions, particularly for threat detection and prevention. The move reflects increasing pressure on short-staffed security teams and the hope that AI can improve operational effectiveness. Eighty-seven per cent of cybersecurity professionals said they expect AI to enhance, rather than replace, their roles by offering efficiency and relief from workloads compounded by the global skills shortage.

However, the availability of relevant skills is a limiting factor. While 80 per cent note AI is helping IT and security teams become more effective, 48 per cent of IT decision makers cite a lack of staff with sufficient AI expertise as the greatest challenge to successful implementation. Seventy-six per cent of organisations experiencing nine or more cyberattacks in 2024 had AI tools in operation, highlighting that AI adoption alone is not sufficient protection without specialised knowledge.

Carl Windsor, Chief Information Security Officer at Fortinet, said, "This year's survey further underscores the urgent need to invest in cybersecurity talent. Without closing the skills gap, organisations will continue to face rising breach rates and escalating costs. The findings highlight an inflection point for both public and private sectors: Without bold action to build and retain cybersecurity expertise, the risks and costs will only continue to grow for our society."

Rising breach rates and associated costs

The survey confirms that cyber breaches are increasing in frequency and financial impact. Eighty-six per cent of organisations reported at least one cyber breach in 2024, with 28 per cent facing five or more incidents. This marks a considerable rise since 2021, when only 19 per cent reported five or more breaches. The global shortfall of cybersecurity professionals, currently estimated at over 4.7 million, is identified as a key contributor to this trend, with 54 per cent of respondents stating that a lack of IT security skills and training was a leading cause of breaches within their organisations.

The financial impact of these incidents remains significant. More than half (52 per cent) of surveyed organisations indicated that cyber incidents cost them over USD $1 million in 2024, aligned with reports from the previous year but up from 38 per cent in 2021.

Board focus and understanding of AI risks

The report finds that cybersecurity is increasingly a board-level priority. Seventy-six per cent of boards increased their focus on the issue in 2024, and almost all organisations now view cybersecurity as both a business (96 per cent) and financial (95 per cent) priority. Nonetheless, board members' understanding of AI-related risks is lagging. Less than half (49 per cent) of respondents believed their boards fully understood the risks presented by AI, with greater awareness in organisations already deploying AI in their cyber defences.

Value of certified professionals and upskilling

Organisations maintain a strong preference for hiring staff with formal cybersecurity certifications. Eighty-nine per cent of IT decision makers said they favour certified candidates, believing certifications help validate knowledge, demonstrate currency in a rapidly evolving field, and denote familiarity with critical vendor tools. However, organisational support for funding employee certifications has declined, with only 73 per cent of respondents saying they would pay for such training in 2024, down from 89 per cent the previous year.

Addressing the skills gap

The 2025 Cybersecurity Skills Gap Report identifies closing the skills gap as vital for business resilience and continued protection against cyber threats. The recommendations for bridging this gap include rethinking hiring practices, expanding access to targeted training and certification, and investing in awareness and education programs. Organisations are encouraged to focus on building comprehensive, up-to-date expertise across their teams, particularly in AI, to stay ahead of evolving threat actors and techniques.

To support these objectives, Fortinet's Training Institute offers certification and training services, including AI-specific modules, targeted at equipping current and prospective cybersecurity professionals with the knowledge necessary to address and mitigate contemporary threats. The company has pledged to train one million people in cybersecurity around the world by the end of 2026.