Skills shortage exacerbates cyber risks in Germany and EMEA

Fortinet has published its 2024 Global Cybersecurity Skills Gap Report published. The report highlights the ongoing challenges of the global cybersecurity skills shortage.

The key findings of the report are:

• Companies increasingly attribute security breaches to a lack of cybersecurity skills.
• Violations continue to have serious consequences for companies, and those responsible are often punished.
• Certifications continue to be seen by employers as proof of up-to-date cybersecurity skills and knowledge.
• There are still numerous opportunities to recruit new employees from various talent pools to address the cybersecurity skills shortage.

Companies worldwide continue to be affected by the cybersecurity skills shortage

According to estimates four million skilled workers are needed to cover the growing shortage of personnel in the cybersecurity sector. According to the 2024 Global Cybersecurity Skills Gap Report by Fortinet 70 percent of companies say that a lack of cybersecurity skills poses additional risks for them. Other findings that highlight the impact of the growing cybersecurity skills shortage on organizations worldwide include

• Companies are increasingly attributing security breaches to a lack of cybersecurity skills. Last year, nearly 90 percent (87 percent) of business leaders said they had been the victim of a breach due in part to a lack of cyber skills, up from 84 percent in the 2023 report and 80 percent the year before.
• Violations have serious consequences for companies. The consequences of breaches are manifold and range from financial to reputational issues. This year’s survey shows that executives are increasingly being held accountable for cybersecurity incidents. 51 percent of respondents said that board members or senior executives have faced fines, imprisonment, loss of position or job after a cyberattack. In addition, more than 50 percent of respondents said data breaches cost their organization more than $1 million in lost revenue, fines and other expenses in the previous year – up from 48 percent in the 2023 report and 38 percent the previous year.
• Board members see cybersecurity as a business necessity. As a result, managers and board members are giving cybersecurity an increasingly high priority. 72% of respondents stated that their board members were already focusing more on security in 2023 than in the previous year. 97% of companies stated that their board of directors considers cybersecurity to be a business priority.

HR managers value continuous training and certification

Executives widely view certifications as proof of cybersecurity knowledge, and those who hold a certification or work with someone who does see clear benefits. This year’s survey also found that:

• Candidates with certifications stand out from the crowd. More than 90 percent of respondents stated that they prefer applicants with certifications.
• Managers believe that certifications improve the safety profile. Respondents attach so much importance to certifications that 89 percent said they would pay for an employee to obtain a cybersecurity certification.
• It is not easy to find candidates with certifications. More than 70 percent of those surveyed stated that it was difficult to find applicants with technology-oriented certifications.

Companies are expanding their recruitment criteria to fill vacancies

With the ongoing cybersecurity skills shortage, some organizations are diversifying their recruiting pools to include candidates with non-traditional skills – such as those with a four-year degree in cybersecurity or a related field – to attract new talent and fill open positions. Shifting these hiring requirements can open up new opportunities, especially if companies are also willing to pay for certifications and training. The report also found that:

• Companies continue to have programs to recruit from a diverse talent pool. 83 percent of respondents said their companies have set diversity hiring goals for the next few years, which is consistent with last year’s report but slightly lower than the 2021 figure of 89 percent.
• Diversity hiring varies from year to year. Despite continued hiring goals, the percentage of female hires has decreased to 85 percent from 89 percent in 2022 and 88 percent in 2021. Hiring of minority group members remains unchanged at 68 percent, a slight increase from 67 percent in 2021, while hiring of veterans has increased slightly from 47 percent in 2021 to 49 percent in 2022, but is down from 53 percent in 2021.
• While many recruiters value certifications, some companies still prefer applicants with traditional backgrounds. Although many respondents said they value certifications, 71 percent of companies still require four-year degrees and 66 percent only hire applicants with traditional educational backgrounds.

Companies take a three-pronged approach to building cyber resilience

The increasing frequency of costly cyberattacks and the potentially serious personal consequences for board members and managing directors are increasing the pressure to strengthen companies’ cyber defenses. As a result, companies are focusing on a three-pronged approach to cybersecurity that combines education, awareness and technology:

• Support IT and security teams in acquiring key cybersecurity skills by investing in training and certifications.
• Build a cyber-aware frontline team that can contribute to a more secure organization as the first line of defense.
• Use of effective cybersecurity solutions to ensure a strong security profile.

About the survey

• The survey was conducted among more than 1,850 IT and cybersecurity decision-makers from 29 different countries and locations.
• Respondents came from a range of industries, including technology (21 percent), manufacturing/production (15 percent) and financial services (13 percent).

(pd/Fortinet)