Globally, 80% of organisations suffered one or more breaches during the last 12 months due to a lack of cybersecurity skills and/or awareness, with 38% reporting that breaches cost them over a million dollars (USD), according to cybersecurity company Fortinet's 2022 Cybersecurity Skills Gap report.
The survey found that 76% of organisations across the globe now have a board of directors that explicitly recommends increases in IT and cybersecurity headcount, as cybercriminals have been developing attacks faster since the COVID-19 pandemic began in 2020. However, 60% of organisations said they struggle to recruit cybersecurity talent – with 52% struggling to retain qualified people and 67% agreeing that the shortage of qualified cybersecurity candidates creates additional risks.
Moreover, recruiting and retaining a cybersecurity team is not enough to make an organisation more resilient to cyberattacks. Fortinet explained that all employees within the organisation must have knowledge and awareness to protect themselves and their organisation's data. As a result, 87% of organisations implemented a training program to increase cyber awareness, although 52% of leaders claimed that their employees still lack the necessary knowledge. Of those without a training program, 66% said they are still looking for a program that will suit their needs.
A recent cyber risk index (CRI) found that a majority of organisations globally (76%) expect to be successfully breached in the next 12 months, with 25% saying it is “very likely” to happen. Meanwhile, a recent survey from WTW and law firm Clyde & Co found that cyber-related issues were the top risks facing directors and officers across the globe in 2022.
Fortinet said organisations can improve their cybersecurity by:
- Recruiting people who are qualified, skilled, and certified for various network- and security-related roles;
- Expanding their search and focus on diversity to create the specialised teams they aim to build;
- Improving their ability to retain people by helping employees improve their skills, get certified, and continue their professional development; and
- Providing technical and non-technical employees with cybersecurity awareness training to develop critical cyber-hygiene skills.
“Cybersecurity can sometimes feel like a purely technological domain. But when you look past the technology that organizations rely on, cybersecurity is all about how well your employees work together to protect the organization,” the report said.