Fortinet Annual Report Finds Increasing Linkage Between Cybersecurity Breaches and Skills Shortage

Ninety-four percent of organizations in the Philippines experienced a breach in the last year that they can partially attribute to a lack of cyber skills and 77% attribute increased cyber risks to the skills gap

Taguig City, Philippines, August 14, 2024

John Maddison, Chief Marketing Officer at Fortinet

“As the skills shortage persists, this leading cybersecurity challenge requires a collaborative, multi-faceted approach as evidenced by the results of Fortinet’s latest Global Cybersecurity Skills Gap Report. This year’s report emphasizes that for organizations to ensure they are protected from today’s complex threats they must have a combination of the right security technology, opportunities for current security professionals to upskill through training and certifications, and an overall cyber-aware workforce.”

Alan Reyes, Country Manager at Fortinet Philippines

“More organizations are increasingly linking security breaches to the cybersecurity skills gap, with 94% of organizations in the Philippines recognizing this issue, up from 92% in the last report. This emphasizes the urgent need for organizations in the Philippines to continue addressing the cybersecurity skills shortage to strengthen their security posture. Our latest report shows that organizations are actively making efforts to bridge this gap, such as diversifying their candidate pools, which the Philippines is showing significant improvement. As organizations in the country continue this effort, they should also invest in training and certifications for their IT and security teams, educate employees about threats and best practices in cyberspace, and implement the right technologies to enhance resilience.”

News Summary 

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, released its 2024 Global Cybersecurity Skills Gap Report, which highlights ongoing challenges related to the cybersecurity skills shortage impacting organizations around the globe. Key findings for the Philippines from the global report include:

• Organizations are increasingly attributing breaches to the cyber skills gap
• Breaches continue to have significant repercussions for businesses, and executive leaders are often penalized when they happen
• Certifications continue to be highly regarded by employers as a validator of current cybersecurity skills and knowledge
• Numerous opportunities remain for hiring from diverse talent pools to help address the skills shortage

The Cyber Skills Gap Continues to Impact Companies in the Philippines 

An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, the 2024 Global Cybersecurity Skills Gap Report found that 77% of organizations in the Philippines indicated that the cybersecurity skills shortage creates additional risks for their organizations. Other findings that highlight the impact of the growing skills gap on companies across the Philippines include:

• Organizations are attributing more breaches to a lack of cyber skills: In the past year, 94% of organizational leaders in the Philippines said they experienced a breach that they can partially attribute to a lack of cyber skills, up from 92% in the 2023 report.
• Breaches are having a more substantial impact on businesses: Breaches have a variety of repercussions, ranging from financial to reputational challenges. This year’s survey revealed that corporate leaders are increasingly being held accountable for cyber incidents, with 62% of respondents noting that directors or executives have faced fines, jail time, loss of position, or loss of employment following a cyberattack. Additionally, 52% of respondents indicated that breaches cost their organizations more than $1 million in lost revenue, fines, and other expenses last year—up from 45% in the 2023 report and down from 60% in the 2022 report.
• Boards of directors view cybersecurity as a business imperative: As a result, executives and boards of directors are increasingly prioritizing cybersecurity, with 80% of respondents saying their boards were more focused on security in 2023 than the year before. And 94% of respondents say their board sees cybersecurity as a business priority.

Hiring Managers Value Continued Learning and Certifications

Business leaders widely regard certifications as validation of cybersecurity knowledge, and those who hold a certification or work with someone who does notice clear benefits. This year’s survey also found that:

• Candidates with certifications stand out: More than 90% of respondents (94%) said they prefer to hire candidates who hold certifications.
• Leaders believe that certifications improve security posture: Respondents place such high value on certifications that 98% said they would pay for an employee to obtain a cybersecurity certification.
• Finding candidates who hold certifications isn’t easy: More than 80% of respondents (84%) indicated that it is difficult to find candidates with technology-focused certifications.

Companies are Expanding Hiring Criteria to Fill Open Roles As the cyber workforce shortage persists, some organizations are diversifying their recruitment pools to include candidates whose credentials fall outside traditional backgrounds—such as a four-year degree in cybersecurity or a related field—to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are also willing to pay for certifications and training. The report also found that:

• More organizations have programs dedicated to recruiting from a diversified talent pool: Eighty-eight percent of respondents said their organizations have set diversity hiring goals for the next few years.
• Diversity hiring varies from year to year: With ongoing recruitment targets, female hires are up to 94% from 88% in 2022 and 86% in 2021; hires from minority groups are up slightly at 76% from 71% in 2022 and 68% in 2021; and veteran hires are up to 64% from 53% in 2022 and 55% in 2021.
• While certifications are valued by many hiring managers, some organizations still prefer candidates with traditional backgrounds: Despite many respondents saying they value certifications, 92% of organizations still require four-year degrees, and 68% hire only candidates with traditional training backgrounds.

Organizations are Taking a Three-Pronged Approach to Building Cyber Resiliency The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises. As a result, organizations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology:

• Help IT and security teams obtain vital security skills by investing in training and certifications needed to achieve this goal.
• Cultivate a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.
• Use effective security solutions to ensure a strong security posture.

To help organizations achieve these objectives, Fortinet offers the largest integrated portfolio of more than 50 enterprise-grade products through its Fortinet Security Fabric platform. Additionally, the award-winning Fortinet Training Institute, one of the broadest training and certification programs in the industry, is dedicated to making cybersecurity certification and new career opportunities available to all populations, including a Security Awareness Training offering for organizations to develop a cyber-aware workforce.

About the Fortinet Skills Gap Survey

• The survey was conducted among 25 IT and/or cybersecurity decision-makers in the Philippines.
• Survey respondents came from a range of industries, including technology (20%), manufacturing (20%), and financial services (12%).

Additional Resources 

• Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
• Visit fortinet.com/trust to learn more about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products that contribute to delivering proven cybersecurity, everywhere you need it.
• Learn more about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
• Learn more about FortiGuard Labs threat intelligence and research and Outbreak Alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
• Learn more about Fortinet’s FortiGuard Security Services portfolio.
• Read about how Fortinet customers are securing their organizations.
• Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.