Fortinet cybersecurity skills gap report warns enterprises

Fortinet has released its Fortinet cybersecurity skills gap report for 2025, highlighting how persistent shortages in cybersecurity talent are increasing organisational risk at a time when AI is reshaping both defence strategies and attack methods.

Based on a global survey, the report outlines how lack of training, limited AI expertise and unfilled security roles continue to expose organisations to higher breach rates and financial losses, despite cybersecurity being elevated to a board-level priority.

Skills shortages deepen as AI reshapes security

The report finds that organisations are increasingly turning to AI to strengthen security operations and compensate for talent gaps. At the same time, many acknowledge that AI is also being used by attackers to create more sophisticated threats.

A lack of cybersecurity awareness and training remains the leading cause of breaches, while insufficient AI skillsets across security teams are emerging as a new point of vulnerability. Boards continue to prioritise cybersecurity, but gaps remain in understanding how AI changes the threat landscape.

Saudi Arabia highlights regional talent challenges

In Saudi Arabia, accelerated digital transformation under Vision 2030 has increased reliance on Cloud services, e-government platforms and smart city initiatives. This shift has heightened demand for AI-driven cybersecurity capabilities.

While the Kingdom’s National Cybersecurity Authority has emphasised local talent development, the report notes that demand for skilled professionals continues to exceed supply, particularly in high-value sectors such as government and financial services.

Rising breaches and growing financial impact

The Fortinet cybersecurity skills gap report links talent shortages directly to increased security incidents. In 2024, 86 percent of organisations experienced at least one cyber breach, with 28 percent reporting five or more incidents. This marks a sharp rise compared to earlier findings in 2021.

More than half of surveyed organisations reported cyber incidents costing over USD 1 million in 2024. A lack of IT security skills and training was cited by 54 percent of respondents as a leading cause of breaches.

In Saudi Arabia, organisations reported a growing number of incidents involving identity fraud, phishing and AI-driven attacks, even as regulatory frameworks such as the Essential Cybersecurity Controls mandate stronger resilience.

AI adoption outpaces AI expertise

AI-enabled security tools are now widely deployed, with 97 percent of organisations either using or planning to implement AI-based cybersecurity solutions. Threat detection and prevention are the most common use cases.

Most cybersecurity professionals view AI as an enabler rather than a replacement, with 87 percent expecting it to enhance their roles. However, nearly half of IT decision-makers cited a lack of staff with sufficient AI expertise as the biggest obstacle to effective implementation.

The report also notes that organisations suffering the highest number of attacks often already had AI tools in place, reinforcing the view that technology adoption without skilled teams is insufficient.

Board attention rises, understanding lags

Cybersecurity has become a business and financial priority for most organisations, with 76 percent of boards increasing their focus on the issue in 2024. Despite this, fewer than half of respondents said their boards fully understand the risks introduced by AI.

Board awareness was higher in organisations already deploying AI in cybersecurity programmes, suggesting experience plays a role in closing the understanding gap.

Certifications and upskilling remain central

The report highlights continued demand for certified professionals, with 89 percent of IT decision-makers preferring candidates with certifications. Certifications are viewed as validation of technical knowledge, currency with evolving threats and familiarity with vendor tools.

However, organisational willingness to fund certifications has declined, dropping to 73 percent from 89 percent in 2023. National initiatives and public-private partnerships, including programmes in Saudi Arabia, are working to subsidise training and expand access to professional certifications.

Closing the gap seen as critical to resilience

The Fortinet cybersecurity skills gap report concludes that closing the talent gap is essential to business resilience as cyber risk and AI adoption continue to grow. Organisations are urged to rethink hiring practices, invest in training and expand access to education and certification.

Fortinet noted its ongoing efforts to address the shortage through training initiatives, including a commitment to train one million people in cybersecurity globally by the end of 2026, as part of a broader push to build long-term cyber expertise.