Fortinet has released its 2025 Global Cybersecurity Skills Gap Report, shedding light on the new and persistent challenges Indian organizations face due to the cybersecurity skills gap. The survey’s key findings include:
- As organizations are turning increasingly to AI to strengthen their security postures and fill gaps, they also acknowledge that AI may be used against them as an engine of new or improved cyberattacks, especially given the lack of AI skillsets across teams.
- Lack of cybersecurity awareness and training remains the top cause of breaches.
- Boards lack cyber knowledge, despite it being a priority.
- Organizations want cybersecurity personnel with certifications.
“This year’s survey further underscores the urgent need to invest in cybersecurity talent,” said Vivek Srivastava, Country Manager, India & SAARC at Fortinet. “Without closing the skills gap, organizations will continue to face rising breach rates and escalating costs. The findings highlight an inflection point for both public and private sectors: Without bold action to build and retain cybersecurity expertise, the risks and costs will only continue to grow for our society.”
Report Links Cyber Skills Gap to Escalating Security and Financial Risks
As cyberthreats continue to escalate, organizations face the reality that security attacks are not just a possibility but a certainty. At the same time, an estimated global shortfall of more than 4.7 million skilled professionals leads to critical security roles being unfilled at a time when they are needed most. Key findings about the impact of the skills gap on organizations globally include:
- The volume of breaches organizations experience is increasing year over year. According to the 2025 Fortinet Global Skills Gap Report, 92% of Indian organizations experienced at least one cyber breach in 2024, with nearly one-third (34%) reporting five or more. The figures were marginally higher in 2021, when the inaugural Fortinet Global Skills Gap Report was released, in which 96% of organizations reported breaches, and 44% faced five or more.
- The cybersecurity skills shortage is a key contributor to increased breaches. More than 50% of those surveyed (54%) indicated a lack of IT security skills and training as one of the leading causes of breaches in their organizations.
- Financial ramifications of breaches remain significant. More than half (60%) of surveyed organizations say cyber incidents cost them over $1 million in 2024, consistent with the prior year’s findings and sharply up from 38% in 2021.
AI Could Ease Strain on Security Teams, but Lack of Expertise Is a Growing Risk
While AI offers critical relief amid ongoing cyber skills shortages, organizations may not yet be fully prepared to harness its potential securely. This year’s survey found:
- Security technology with AI capabilities has been widely adopted. All of the organizations surveyed are either already using or plan to implement AI-enabled cybersecurity solutions, with threat detection and prevention cited as the top areas of interest for applying AI in cybersecurity.
- AI can help alleviate the burden on short-staffed security teams. 82% of cybersecurity professionals expect AI to enhance their roles, rather than replace them, offering efficiency and relief amid skills shortages.
- While AI can help security teams, teams lack AI skillsets to unlock the technology’s full potential. A majority of those surveyed (90%) say AI is helping their IT and security teams become more effective, but half (52%) of IT decision makers point to a lack of staff with sufficient AI expertise as the biggest challenge to successful implementation. Seventy percent of organizations that suffered nine or more cyberattacks in 2024 had AI tools in place, suggesting that adoption alone isn’t enough without the right expertise.
As Board-Level Focus on Cybersecurity Grows, Understanding of AI Impact Lags
When it comes to the board of directors’ understanding of cybersecurity’s role at their organization, the report revealed the following:
- Cybersecurity prioritization at the board level is on the rise with 88% of boards increasing their focus on the issue in 2024. All organizations now view cybersecurity as both a business (100%) and financial (100%) priority.
- Board members aren’t as aware of the potential risks that AI use poses to their organizations. More than half (66%) of all respondents indicated their boards fully understand the risks posed by AI, with awareness closely linked to whether their organizations are already deploying AI in their cybersecurity programs.
Upskilling Remains a Focus in Addressing the Skill Gap
As the cyber skills shortage persists, other key findings from the report include:
- Certifications continue to be highly valued by employers. Ninety eight percent of IT decision-makers prefer to hire candidates who hold certifications. Most respondents said certifications validate cybersecurity knowledge (61%), demonstrate an ability to stay current in a fast-evolving field (65%), and indicate familiarity with key vendor tools (61%).
- Organizational support for funding certifications has declined. Only 82% of respondents now say they are willing to pay for employees to obtain certifications, down from 92% in 2023.
Closing the Skills Gap Is Critical to Business Resilience
The 2025 Cybersecurity Skills Gap Report makes clear that cybersecurity has become a board-level priority, driven by the rise of AI and the escalating risks to business operations. Closing the Indian skills gap remains essential. Organizations must rethink hiring practices, tap into underutilized talent pools, and invest in training and upskilling to build and retain the expertise they need. This requires a coordinated approach grounded in three key pillars: raising awareness and education, expanding access to targeted training and certification, and embracing advanced security technologies.
To help organizations address the challenges they face as a result of the cyber skills gap, the award-winning Fortinet Training Institute, one of the industry’s broadest training and certification programs, is dedicated to making cybersecurity certification and new career opportunities available to all populations, including a Security Awareness Training service for organizations to develop a cyber-aware workforce. The Security Awareness and Training service offers AI-focused modules to enhance understanding of AI and the role it plays in cybersecurity, including an introduction to GenAI and curriculum around AI-powered threats, covering the various methods that cybercriminals use when harnessing AI to create and enhance cyberattacks.
Additionally, as part of Fortinet’s commitment to addressing this growing challenge, Fortinet is on track to train 1 million people in cybersecurity around the world by the end of 2026, since setting that pledge in 2021.
