Skills gap challenges persist in a high-stakes landscape where cybercriminals weaponise AI and IT professionals lack proficiency to use the technology defensively.
Fortinet, the global cybersecurity leader driving the convergence of networking and security, has released the 2026 Global Cybersecurity Skills Gap Report, revealing the emerging and persistent challenges organisations face as they grapple with ongoing cybersecurity skill shortages and an ever-evolving threat landscape.
Key findings from the global survey show that the lack of cybersecurity skills, stemming in part from insufficient investment in cybersecurity talent, remains a top cause of devastating security breaches. While cyber defenders are effectively leveraging AI-powered tools, upskilling and reskilling are necessary to fully reap the benefits of these advanced technologies. Despite gaps in investment, intentional efforts are being made to attract and retain top-tier cybersecurity talent.
“Cybersecurity is not simply a technical issue but a strategic business risk. This year’s survey suggests that while boards generally recognise the importance of cybersecurity, more investment is needed to address key issues, such as emerging AI risks and the ongoing cybersecurity skills shortage. Addressing these issues is critical to business resilience in an increasingly complex threat landscape,” said Carl Windsor, CISO at Fortinet.
Amid high stakes, cybersecurity must be prioritised
A lack of cybersecurity skills remains a top cause of devastating security breaches in enterprises. The stakes are high, with 86% of organisations reporting one or more breaches in the past 12 months. More than half (52%) say breaches cost them over $1 million, up from 38% in 2021. Breaches cost most in North America, where the average cost stands at $2 million.
The shortage of cybersecurity skills remains a top concern. IT leaders cited a lack of cybersecurity skills as a top cause of security breaches (56%) for the third consecutive year. Just over half (51%) say senior-level cybersecurity skills are needed most of all, yet 49% struggle to get approval for additional cybersecurity talent. The finding is surprising given that 50% say executives and even Board members have faced penalties after a cyberattack, underscoring the risk.
Employee use of AI is also creating new cybersecurity challenges that Boards fail to understand.
Only half (50%) of leaders believe their Board members are fully aware of the potential risks from AI use. A new skills gap may emerge as AI adoption continues, with 63% expecting greater need for AI oversight and governance roles on cybersecurity teams over the next three years.
Investment in certifications, however, is up year-on-year. An overwhelming 92% of respondents revealed they would pay for an employee to get certified, up from 73% in the 2025 report. Dedicated initiatives to identify and nurture talent are also gaining momentum, with 92% using internships, apprenticeships, partnerships, and programmes to source talent from underrepresented groups, while 71% report formal hiring targets for underutilised talent pools.
AI for cybersecurity creates opportunities and challenges
Adoption of AI-powered cybersecurity tools is widespread as decision-makers see the technology’s potential to support cybersecurity teams with their operations. The survey found that 91% of respondents are using or experimenting with AI-powered cybersecurity solutions, while scepticism or uncertainty about AI for cybersecurity has fallen to 38%, down from 43% in last year’s report.
AI is supporting IT and security professionals, with 84% saying AI-enhanced security tools are helping teams be more effective and efficient. The capability is critical, as cyber defenders and cybercriminals are now equipped with the same technology, and 44% of respondents cited defending against AI cybersecurity attacks as a top concern.
Artificial intelligence is simultaneously widening the cybersecurity skills gap, even as multiple efforts are underway to overcome it. Six in ten (60%) respondents say their top recruiting challenge is finding cybersecurity talent with specific experience in AI, while 92% are likely to invest in AI-related cybersecurity training or certifications in the next 12 months.
Organisations say they require staff with new skillsets to support their adoption of AI, including AI model development (55%), AI tool oversight (54%), and security automation (52%). Nearly six in ten (59%) organisations are developing internal training or reskilling programmes to support AI adoption, while 52% are procuring training or reskilling from industry vendors.
Business resilience requires investment in closing the skills gap
Board and executive-level investment in a layered approach to cybersecurity, one that blends people, processes, and technology, is essential. Organisations should continue tapping into underutilised talent pools and investing in training and upskilling to build and retain the expertise they need. Such an approach requires coordination grounded in three key pillars: raising awareness and education, expanding access to targeted training and certification, and deploying advanced security technologies.
The award-winning Fortinet Training Institute provides one of the largest and broadest training programmes in the industry to make cyber training and new career opportunities available to everyone, and includes a Security Awareness Training service for organisations to develop a cyber-aware workforce.
Fortinet is on track to train one million people in cybersecurity around the world this year, a pledge that began in 2022, as part of its commitment to addressing this growing challenge.
