Fortinet has published its 2026 Global Cybersecurity Skills Gap Report, warning that cybersecurity hiring and resourcing challenges are continuing even as threats become more complex and cybercriminals increasingly use AI.
The report frames the skills gap as both a continuing cause of breaches and a strategic business risk—particularly where corporate decision-makers recognise cybersecurity importance but still struggle to approve investment and talent acquisition.
Fortinet’s survey results suggest the situation remains serious. The company reports that 86% of organisations experienced one or more breaches in the past 12 months, and 52% said those breaches cost them more than $1 million.
It also highlights a continuing pattern: for the third consecutive year, IT leaders cite lack of cybersecurity skills as a top cause of security breaches, at 56%.
Yet even with this awareness, the report says approval for additional talent is difficult, with 49% struggling to get sign-off for more cybersecurity headcount—despite 50% noting executives or board members have faced penalties after a cyberattack.
A related concern is how AI is changing daily work for both defenders and non-specialists. Fortinet says employee use of AI creates risk that leadership may not fully understand, noting that only 50% of leaders believe board members are “fully aware” of potential risks from AI use.
Looking ahead, 63% of respondents expect increased demand for AI oversight and governance roles within cybersecurity teams over the next three years, implying that workforce needs may shift beyond traditional defensive skill sets.
Despite these gaps, Fortinet also describes a parallel trend of rising AI adoption in security. The report states that 91% of respondents are using or experimenting with AI-powered cybersecurity solutions, and 84% say AI-enhanced tools help IT and security teams operate more effectively. However, defending against AI-enabled attacks remains a top concern for many organisations, with 44% citing it specifically.
On the hiring and capability side, Fortinet points to programmes and investment that aim to close the gap. The company reports that 92% of respondents would pay for an employee to become certified, up from 73% in the 2025 report. It also says 92% use initiatives such as internships, apprenticeships and partnerships to source talent, with 71% reporting formal hiring targets for underutilised talent pools.
Dr. Carl Windsor, CISO at Fortinet, emphasised the need for sustained prioritisation of cybersecurity, stating that “cybersecurity is not simply a technical issue but a strategic business risk.”
He argues that boards generally recognise this importance, but more investment is still required to address accelerating AI risks alongside the persistent skills shortage.
