Transcript
TOM FIELD: Let us start by exploring survey findings from Fortinet’s latest 2026 Global Cybersecurity Skills Gap Report. What surprised you?
MELONIA DA GAMA: There’s two areas or two trends that surprised me this year. The first one is that we’re leaning more on AI for security within our organizations.
And I’ll explain that in a minute. And the second is that there is an inaction at the board level that is causing risk for organizations. When we talk about the first one, leaning in on AI, it’s not surprising that we’re doing that.
Last year, we talked about how AI provided a threat, an opportunity and a challenge. And that is still true today. We’re still seeing that those threats coming in, they’re faster, they’re more organized and structured.
They’re more effective than ever before because we’re seeing the bad actors leveraging AI. But we’re also talking about the opportunity with AI powered solutions. So it’s that fight fire with fire type mentality.
If those attacks are coming in using AI at that speed, you need that speed and intelligence on the defense side to be able to detect that small little change on your network and be able to flip that up to a senior security personnel that can then decide how to deal with it. That’s the focus this year. And we’re seeing a lot of discussion around that.
Leaders are already saying that they’re seeing their security teams be more effective because of this. And they’re trusting AI a lot more because to do core security functions that they weren’t able to leverage before. And that’s working well for them.
And they’re testing that on live environments right now. So they’re live networks at 41 percent and another 42 percent are experimenting with it. So together, that makes for a large percentage.
On the board side, it’s we’re seeing a lot of need for education for board members on cybersecurity in general, but also cybersecurity and AI. They may be prioritizing it and that number is going up little by little each year over the last three years that we’ve asked the question from a business priority, but they’re not putting the funds behind it in every case. There was a 14 percent delta between those board members that prioritized it as a business priority versus a financial priority, which we defined as assigning budget.
FIELD: Now, one thing I read in there is that the global IT and cybersecurity decision makers you surveyed revealed that a lack of executive buy in is actually stalling cybersecurity hiring. So tell us what this means for today’s practitioners and leaders in the organizations that they’re tasked with protecting.
DA GAMA: They are tasked with protecting, and it’s surprising because they’re getting hit hard. Eighty six percent of organizations around the world saw one cyber attack due to the lack of skills and knowledge on their IT and security teams. And that’s the specific questions we asked.
We weren’t asking if their products weren’t working or if they weren’t leveraging AI. It was about the skills of their teams. So 86 percent said they had one or more attack, and another 29 percent said they had five or more attacks in the last 12 months for the report.
That was interesting. And the cause of breaches hasn’t changed in the last three years. It goes back to the skills and knowledge of your IT teams again.
Again, it’s the people that we’re seeing that need to get skilled up in order to use these systems that we have in place. And by the same vein, 49% were struggling to get to hire more individuals. And we’re seeing organizations looking to hire and train and skill up after an attack, which is interesting because they should be thinking about that now.
And it’s even more concerning because we’re seeing board members who are being penalized after an attack. And that focus needs to be there. A lot of things going on in that area.
FIELD: Now, enterprises have grappled with cybersecurity skills gap for years, almost decades now. Share a little bit more about the ongoing and emerging risks associated with the skills gap as revealed in this year’s report.
DA GAMA: One of the biggest ongoing trends with the skills gap is it remains the number one cause of breaches. And that flips between the IT and security team, as well as the overall security awareness of your organization. It’s very clear today that cybersecurity is everybody’s responsibility.
That’s your entry level person all the way up to your CEO and your board member as well. We’re all the targets for it. We’re seeing the top four attacks coming in, targeting the end user.
That’s need to skill up the human part of your networks, as well as to make sure that you’re utilizing AI in your cyber solutions. That’s ongoing. Emerging, there’s risk when it comes to shadow AI.
Every employee is using AI in some way in their roles right now. And they’re unmanaged and the guidance isn’t there within organizations. Organizations need to be focusing on what guardrails they need to put in place and what governance needs to be put in place.
And this should be at the C level, as well as the board of directors involved in making sure this happens. We’re also seeing that everyone is desperately searching for talent with AI experience. And the majority of them, I think it was 52 percent, are looking at senior people.
That might be because we’re automating at a lower level some of those tasks. Or it might be that we’re looking to senior people to implement these projects we have with AI. We’re not sure.
We have to ask more questions next year on that one. But to solve the problem, it’s good to hear that 92 percent of organizations are willing to invest in training and certification on AI and cybersecurity.
FIELD: You can’t have a conversation without it being AI. How do you see enterprises using AI? How do you see an impact in the workforce as we go forward even later this year?
DA GAMA: Yeah, the stats were high on usage. 91% of organizations were either using it on their AI network within AI enabled security solutions or they were experimenting it. I think it was 41 percent were using it.
Forty two percent were experimenting with it. Eight percent, I believe, thought they’d check in on it next year too late. And there was this pesky one percent that wasn’t even interested as well.
I need to find out who that one percent is. And the skepticism, obviously, around AI is going down. The benefits are being seen.
Eighty four percent are saying they’re seeing that their IT and security teams are performing better because they’re working with AI and they’re trusting it to work independently on core security functions. That’s good. That was at a high percentage.
And then another 42 percent said that they would trust it with limited human oversight. So we’re seeing a lot of work being done in AI becoming a member of the team.
FIELD: The survey revealed some interesting insights about the industry at large when it comes to hiring and training. What can you share with us?
DA GAMA: I think the message is clear that training and certification can definitely help not only your IT and security teams, but overall employee knowledge as well. We’re seeing that skills gap across the board with organizations. And as I said, they’re sometimes looking at it too late.
They’re addressing it after an attack. And organizations need to be looking into that now, especially with the speed that we’re seeing attacks come in that are leveraging AI. The good news was that 91 percent said they wanted to hire someone with a technology certification and another 92% said that they would pay for one of their employees to get certified.
That number had dropped to 73% last year, and we could not figure out why it actually rebounded to the 92% I just mentioned, which is the highest we’ve seen it over the last few years. That was encouraging to see. And organizations are looking to a lot of different populations now.
In order to close the skills gap, we’re having to look at everybody. When they’re not looking at certifications, degrees and diplomas are still high on the list. But so are internships and apprenticeships and partnerships that are offering hands on experience.
And we know from our experts through our own certification program that hands on experience is what helps people develop that expertise. Finding those programs that are providing that is important. We’re seeing that at Fortinet and the Fortinet Training Institute.
We have a certification program and we have pledged to train one million people by the end of 2026. It’s part of our mission at the training institute to create experts in cybersecurity, but also create the workforce of tomorrow.
FIELD: Now, before we part here, tell me a little bit more about Fortinet’s pledge and how it furthers the company’s public commitment to advancing cybersecurity through education.
DA GAMA: Absolutely. We put the pledge out in 2021 and it ran from 2022 until it’s supposed to go to the end of this year. We wanted to train one million people in cybersecurity over that five year span.
And that’s using our training and certification program. It’s using career growth programs that we invest in, as well as employment assistance programs as well. So we work with a lot of different groups from a corporate social responsibility standpoint.
I’m very pleased to say that we are on track to meet that goal by the end of this year. And it’s to help reduce the cybersecurity skills gap, but ensure that we’re advancing cybersecurity around the globe as well.
