AI Powers Defense, But Skills Gap Keeps Security on Edge
Published
- Persistent gap: Lack of cybersecurity awareness and skills remains a top breach cause, highlighting a persistent talent and training deficit.
- AI's dual role: While half of leaders worry AI will increase cyberattacks, almost all are using or planning to use AI-enabled solutions for defense.
- Board-level concern: Three-quarters increased their focus on cybersecurity in 2024, yet only half of leaders believe their board fully understands the risks posed by AI.
Organizations view the complex relationship with artificial intelligence (AI) as both a significant threat and a critical opportunity. The global survey of 1,850 IT and cybersecurity decision-makers found that 49% are concerned that malicious use of AI will increase the volume and sophistication of cyberattacks.
In response, 97% of organizations are either currently using or planning to implement AI in cybersecurity solutions. However, a lack of staff with sufficient AI expertise is cited as the biggest challenge to implementation (48%), indicating that technology adoption is outpacing talent development.
The Cybersecurity Skills Gap Remains a Top Risk
The Fortinet Cybersecurity Report 2025 confirms that the cybersecurity skills gap remains a primary driver of risk. A lack of employee security awareness (56%) and a shortage of trained IT security staff (54%) were identified as the top two causes of security breaches.
Data, cloud, and network security are the most in-demand skills. To address this, 89% of IT leaders prefer to hire candidates with professional certifications, which they see as validation of a candidate's knowledge and skills.
After a data breach, mandating cybersecurity training and certifications for staff (62%) is a top response, alongside expanding the security team (63%).
“This year’s survey further underscores the urgent need to invest in cybersecurity talent,” said Carl Windsor, CISO at Fortinet.
“Without closing the skills gap, organizations will continue to face rising breach rates and escalating costs,” added Windsor. “The findings highlight an inflection point for both public and private sectors: Without bold action to build and retain cybersecurity expertise, the risks and costs will only continue to grow for our society.”
Board-Level Awareness and Accountability Increase
Cybersecurity has become a firm priority at the board level, with 76% of respondents reporting an increased focus from their boards in the past year. This attention is likely driven by the significant impact of breaches, with 52% of organizations reporting that security incidents cost them over $1 million.
Despite this increased focus, a knowledge gap persists, as only 49% of leaders believe their board members are fully aware of the potential risks associated with AI. This highlights a critical need for enhanced cyber-risk education at the executive and director levels to ensure informed governance.
Expert Advice for Organizations
Melonia Da Gama, Director of Training and Learning Program at Fortinet, told TechNadu that organizations should “ensure their security vendors offer industry-recognized training and certification for products incorporating AI,” which would allow employees to leverage these available capabilities.
Da Gama says organizations should also “ask how AI can be applied to support their specific security objectives,” such as Endpoint Detection and Response (EDR and XDR), Security Orchestration, Automation, and Response (SOAR), autonomous responses, and SIEM log analysis. “Leaders need to treat cybersecurity as a strategic, corporate-wide initiative that includes managing risk proactively.”
“Taking a proactive approach to cybersecurity means an organization’s leadership ensures the team is skilled up and representative where its organization’s gaps exist,” added Da Gama. “This can be accomplished by looking to all populations to hire new professionals with the skills you need, or by upskilling and reskilling employees in growing areas of concern.”
Diana Kelley, Chief Information Security Officer at Noma Security, highlighted that prompt engineering is one of the most in-demand GenAI skills, and so are vibe coding AI agents, but warned that the AI needs to be secured by the CISO's organization for every AI implementation or enterprise use case.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular