Nearly half of IT leaders struggle to secure approval for cybersecurity hiring even as breach costs surge and AI risks intensify globally
Fortinet has released its 2026 Global Cybersecurity Skills Gap Report, revealing that organizations worldwide continue to face severe cybersecurity talent shortages at a time when AI-powered cyber threats are becoming increasingly sophisticated and costly.
The report, based on a global survey of more than 2,750 IT and cybersecurity decision-makers across 32 countries, highlights a widening disconnect between growing cyber risks and enterprise investment in cybersecurity talent. According to the findings, nearly half of IT leaders are facing internal resistance when attempting to expand cybersecurity teams, despite rising breach costs and increasing operational exposure.
“Cybersecurity is not simply a technical issue but a strategic business risk,” said Carl Windsor, Chief Information Security Officer at Fortinet. “This year’s survey suggests that while boards generally recognize the importance of cybersecurity, more investment is needed to address key issues, such as emerging AI risks and the ongoing cybersecurity skills shortage. Addressing these issues is critical to business resilience in an increasingly complex threat landscape.”
“Organizations are increasingly recognizing that AI-driven cyber threats require not just advanced tools, but a workforce equipped with the right defensive skills and certifications.”
The study found that 86% of organizations experienced at least one cybersecurity breach during the past 12 months, while 52% reported breach-related losses exceeding $1 million, a sharp increase from 38% in 2021. North American organizations recorded the highest average breach costs, with incidents averaging approximately $2 million.
For the third consecutive year, lack of cybersecurity skills was identified as one of the leading causes of security breaches, cited by 56% of respondents. More than half of organizations said they urgently require senior-level cybersecurity expertise, yet 49% reported difficulty obtaining approval for additional hiring.
The findings also revealed growing concern around enterprise AI adoption and governance. Only 50% of respondents said their board members were fully aware of the cybersecurity risks associated with employee use of AI technologies, despite increasing enterprise reliance on generative AI platforms and automation tools.
Fortinet’s report warned that organizations may soon face a new category of cybersecurity skills shortages linked specifically to AI oversight and governance. Nearly 63% of respondents expect demand for AI governance and oversight roles within cybersecurity teams to rise significantly over the next three years.
“Cybersecurity is not simply a technical issue but a strategic business risk. More investment is needed to address emerging AI risks and the ongoing cybersecurity skills shortage,” said Carl Windsor.
At the same time, enterprises are increasingly deploying AI-powered cybersecurity tools to strengthen defenses and improve operational efficiency. According to the report, 91% of surveyed organizations are either actively using or experimenting with AI-driven cybersecurity solutions, while 84% said these tools are helping security teams improve efficiency and response capabilities.
However, Fortinet noted that cybercriminals are also leveraging the same technologies to launch more sophisticated attacks. Around 44% of respondents identified defending against AI-powered cyberattacks as one of their top security concerns.
The report further revealed that organizations are actively increasing investment in cybersecurity training and certifications to address these emerging gaps. About 92% of respondents said they are willing to fund employee cybersecurity certifications, up significantly from 73% in the previous year’s report.
Enterprises are also intensifying reskilling and workforce development initiatives. Nearly 92% of organizations reported using internships, apprenticeships, partnerships, and talent development programs to attract professionals from underrepresented talent pools, while 71% have established formal hiring targets for diversified recruitment initiatives.
AI-related skills development is emerging as a key priority area. Approximately 60% of organizations identified finding cybersecurity professionals with AI expertise as their biggest recruitment challenge. In response, 92% said they plan to invest in AI-focused cybersecurity training or certifications over the next 12 months.
The report also found that organizations are increasingly seeking expertise in areas such as AI model development, AI oversight, and security automation. Around 59% of enterprises are building internal reskilling programs to support AI adoption, while 52% are sourcing external training from industry vendors and partners.
To help address the ongoing cybersecurity skills shortage, continues to expand its global training and certification initiatives. Fortinet stated that it remains on track to train one million people globally in cybersecurity by the end of 2026, building on a commitment first announced in 2022.
The company emphasized that improving cyber resilience will require a balanced approach that combines advanced technology, workforce development, executive awareness, and continuous cybersecurity education as organizations navigate an increasingly AI-driven threat landscape.
