Why cyber skills need to be part of enterprise risk strategy

Rob Rashotte, Vice President, Global Training and Technical Field Enablement, Fortinet

Cybercriminals are not slowing down anytime soon, making cybersecurity an all-hands-on-deck effort for every enterprise. Highly skilled professionals with access to the right cybersecurity technologies are essential to protecting businesses from breaches, as is having cyber-aware employees, explains Rob Rashotte from Fortinet.

With nearly 4 million professionals needed to fill critical cybersecurity roles, organisations around the globe are feeling the impact of the ongoing skills gap. Breaches can rarely be attributed to a single cause, yet 58% of leaders indicate that a lack of IT and cybersecurity skills and training within their organisation contributes to security incidents.

All it takes is a single cyber incident to open any organisation to new threats and vulnerabilities. For example, following a breach, threat actors now have valuable insights about an enterprise’s environment that they can use to craft a new attack.

Others may attempt to capitalise on a previous breach, viewing a recently compromised organisation as low-hanging fruit. While understanding and taking steps to mitigate these risks is crucial, what is often even more concerning, especially to those in C-level positions and on the board of directors, is the potential impact these incidents can have on business operations.

That is why closing risk management strategy gaps, including addressing critical resources like staffing, is vital to protect any organisation effectively.

Cybercriminals continue to advance their operations, refining well-known attack methods and using generative AI to speed their efforts. Therefore, it is not surprising that cybersecurity incidents are rising worldwide. According to Fortinet’s 2024 Cybersecurity Skills Gap Report, almost 90% of businesses experienced one or more security breaches last year, up from 84% in 2024 and 80% in 2021.

The dire need for skilled cybersecurity professionals puts businesses at a disadvantage: Nearly three-quarters of leaders agree that the cybersecurity skills gap creates additional risks for their enterprise.

Breaches are equally common across all regions, with the average number of breaches per organisation highest in Asia Pacific (3.18) and lowest in Latin America (2.79). The percentage of organisations that report suffering no breaches at all continues to shrink: just 13% of businesses had zero breaches in 2023, compared to 15% the year before and 20% in 2021.

While organisations increasingly fall victim to cybercriminals, the attacks used to compromise networks are familiar to defenders. Malware, phishing, and web attacks combined accounted for 80% of all attacks organisations experienced yearly. Password attacks were more common in North America, and leaders in APAC experienced a higher percentage of phishing and web attacks than in other regions.

Cybersecurity incidents have increasingly significant impacts on organisations, ranging from financial to reputational challenges. More than half (53%) of leaders say breaches cost their organisations over $1 million in 2023, with North America and APAC reporting the most financially damaging attacks. Regarding recovery time, 63% said it took more than one month to bounce back from a cyberattack, with the average time being nearly three months.

In addition to monetary ramifications and lengthy recovery times, corporate leaders are held accountable when breaches occur: 51% of IT and security leaders say that board members or executives have faced fines, jail time, loss of their position, and loss of employment following a cyberattack.

The stakes are high for organisations when it comes to cybersecurity. Breaches continue to take a financial toll, and senior leaders are sometimes penalised when they happen. With the growing skills gap creating additional risks for organisations, many businesses are embracing new, creative approaches to recruiting, hiring, and retaining skilled professionals.

It is encouraging that leaders pursue unique initiatives and collaborate across the public and private sectors to address this challenge, as this is a crucial piece of the puzzle when it comes to strengthening an organisation’s overall defences.

Given these complexities, organisations should focus on a three-pronged approach to cybersecurity that blends technology, training, and awareness. Fortinet offers an integrated portfolio of over 50 enterprise-grade products through the Fortinet Security Fabric platform.

Fortinet Training Institute is dedicated to making cybersecurity certification and new career opportunities available to everyone and offering current professionals the chance to advance their skill sets.

The institute offers a variety of free and low-cost education and certification programs, unique initiatives to upskill and reskill individuals from diverse backgrounds, and more. The Fortinet Training Institute also has a Security Awareness Training offering designed to help organisations cultivate a more cyber-aware workforce.

Cybercriminals are not slowing down anytime soon, making cybersecurity an all-hands-on-deck effort for every organisation. Highly skilled professionals with access to the right cybersecurity technologies are essential to protecting businesses from breaches, as is having cyber-aware employees who can serve as a solid first line of defence.

By refreshing and strengthening distinct aspects of a risk management strategy, an enterprise will be better positioned to defend against the speed and volume of today’s attacks.
