Cybersecurity continues to face a familiar challenge: a shortage of professionals, especially senior profiles, while artificial intelligence is raising the bar even higher for what companies need to know. The Fortinet 2026 Cybersecurity Skills Gap Global Report, based on a survey of 2,750 IT and cybersecurity leaders across 32 countries, reveals an uncomfortable paradox: organizations are experiencing more breaches, increasingly rely on AI-powered tools, but still struggle to hire, train, and retain specialized talent.
The most straightforward data point is hard to ignore. 86% of surveyed organizations report experiencing one or more security breaches in the past 12 months, with 29% admitting to five or more. Additionally, 52% say those incidents cost more than $1 million. It’s not just a technical issue. The report highlights that, for the third year in a row, IT leaders cite the lack of cybersecurity skills as a primary cause of breaches, even ahead of many debates over specific tools.
AI helps, but also widens the talent gap
Fortinet paints a picture of a market where AI is now part of the daily routine for defense teams. 91% of respondents say their organization is using or experimenting with AI-based cybersecurity solutions, and 84% state that these tools are making their IT and security teams more effective and efficient. Adoption, therefore, no longer appears to be an emerging trend but rather a widespread practice.
An easy assumption would be that AI will fill the talent gap. The report suggests that AI can assist with repetitive tasks, analyzing large volumes of data, anomaly detection, and faster incident response. However, it also warns that technology does not eliminate the need for human judgment. On the contrary, it creates new demands for oversight, governance, and technical expertise.
60% of respondents say their main hiring challenge is finding cybersecurity talent with specific AI experience. Furthermore, 63% expect to need more roles focused on AI oversight and governance within the next three years. AI is not just automating parts of the work; it’s also requiring new roles and reskilling professionals who previously didn’t need to evaluate models, automations, internal use risks, or AI-driven attacks.
| Report Indicator | Key Data |
|---|---|
| Organizations using or testing AI in cybersecurity | 91% |
| Teams reporting increased effectiveness thanks to AI | 84% |
| Organizations with one or more breaches in 12 months | 86% |
| Breaches costing over $1 million | 52% |
| Breaches attributed to skills shortages | 56% |
| Difficulty finding AI-experienced talent | 60% |
| Organizations planning to invest in AI cybersecurity training | 92% |
| Preference for candidates with technical certifications | 91% |
Concerns about AI extend beyond hiring. 45% of respondents cite data leaks and sensitive information breaches as top worries in their AI-related cybersecurity plans, and 44% mention defending against AI-driven attacks. Thus, technology becomes both a defensive tool and a surface of risk.
Boards are paying attention but not always funding
One of the report’s most sensitive points is the role of corporate boards. 73% of respondents say cybersecurity is a business priority for their board, but only 59% state it’s also a financial priority with dedicated budgets. The distinction matters. Many companies discuss cybersecurity strategically but don’t always translate those concerns into sufficient investment in people, processes, and technology.
The report also finds that only 50% of leaders believe their board members are fully aware of the risks associated with AI use. Another 42% think their awareness is moderate. As employees increasingly utilize AI tools, attackers automate campaigns, and defense teams rely more on models and automation, this lack of understanding at the executive level could become a governance issue.
Responsibility is concrete. Fortinet reports that 50% of respondents say their board members or executives have suffered sanctions following a cyberattack, including fines or job loss. Cybersecurity is no longer confined to the technical department; significant failures can impact top management.
Organizations are reacting post-incident. The report notes that after an attack, common responses include expanding the IT or security team, implementing employee awareness programs, requiring technical certifications, and investing in better security solutions, often with AI. However, these reactive measures don’t replace a well-funded preventative strategy.
Senior talent becomes the most sought-after resource
Talent shortages are not uniform across profiles. 51% of respondents say they primarily need senior cybersecurity professionals, compared to 32% seeking mid-level profiles and 13% entry-level. This reflects a market reality: organizations don’t just need more personnel; they need professionals capable of making complex decisions, designing architectures, coordinating incident responses, governing AI risks, and translating technical threats into business language.
These profiles are expensive, scarce, and hard to retain. 56% of organizations report difficulty recruiting cybersecurity talent, and 52% admit to challenges in retaining it. Lack of training and growth opportunities are common factors in attrition: 48% mention that the absence of development programs can negatively impact retention.
Certifications still hold significant weight. 91% of IT leaders prefer candidates with tech certifications, and 92% are willing to pay for certifications for their employees. Moreover, 92% plan to invest in training or certifications related to AI and cybersecurity over the next year.
This indicates a practical shift in closing the talent gap. Hiring externally is no longer enough. Companies will need to train their current teams, develop internal career paths, combine certifications with real experience, and leverage AI to reduce repetitive tasks—never to replace the essential expert knowledge shortage.
More diversity, but slow progress
Fortinet emphasizes expanding recruitment sources. 71% of organizations have formal goals to hire cybersecurity talent from underrepresented groups, and 92% use programs, partnerships, and initiatives to attract such profiles. Nevertheless, workforce composition changes slowly compared to initiatives’ ambitions.
Only 26% of IT or cybersecurity employees are women, staying nearly level with the previous year. Minority representation stands at 20%, veterans at 16%, and spouses of veterans at 14%. The report warns that 31% of organizations find it more difficult to locate qualified female candidates, up from 20% last year.
The conclusion is clear: opening the door to more diverse profiles must go beyond setting goals. It requires training, support, certifications, mentoring, and real opportunities for advancement. In cybersecurity, where experience is highly valued, companies that don’t build talent pipelines will continue competing for the same limited professionals.
The Fortinet report offers a fundamental warning. Cybersecurity cannot be solved solely by purchasing more tools, even if those tools incorporate AI. Gaps remain common, costs stay high, and the human factor repeatedly proves both a cause and a solution. The difference between a vulnerable and a resilient organization increasingly depends on its ability to combine technology, training, governance, and leadership.
AI can accelerate defense measures but can also speed up mistakes if used without oversight, talent, or sufficient budget. The report highlights this tension: companies understand cybersecurity’s importance but don’t always invest as if they truly prioritize it.
Frequently Asked Questions
What does the Fortinet report reveal about security breaches?
86% of surveyed organizations experienced at least one breach in the past year, and 52% report that these incidents cost over $1 million.
Is AI helping cybersecurity teams?
Yes. 84% say AI-based security tools make their teams more efficient and effective, though they also create new oversight and training needs.
What is the biggest recruitment challenge?
60% cite finding cybersecurity professionals with specific AI experience as their main challenge.
Why do certifications remain important?
Because 91% of IT leaders prefer candidates with technological certifications, and 92% are willing to pay for them.
via: fortinet