‘We’re Not Investing as Much as We Should in Their Skills and Development’: Skills Shortages Remain a Key Factor in Security Breaches — and Things Could Get Worse with AI in the Equation

Human error continues to eclipse technology as the primary catalyst for cyber incidents. Fortinet’s latest survey shows more than half of security leaders blame insufficient employee awareness and a dearth of trained staff for recent breaches. Even as threat actors refine malware, phishing, web and password attacks, these low‑tech vectors remain effective because organizations underinvest in people. The financial impact is stark: 52% of respondents report breach costs topping $1 million, underscoring the economic urgency of closing the skills gap.

At the same time, AI is reshaping the threat landscape. While AI‑driven tools can accelerate detection and response, they also expand attack surfaces and empower adversaries with sophisticated, automated exploits. The report reveals that 60% of respondents find it hardest to recruit cybersecurity professionals with AI expertise, and 63% anticipate a surge in AI‑oversight roles within three years. Recognizing this, 92% of firms intend to fund AI‑related security training or certifications in the next twelve months, signaling a strategic pivot toward upskilling the existing workforce rather than relying solely on new hires.

The broader industry response includes diversifying talent pipelines and emphasizing inclusion. Nearly all surveyed companies now leverage internships, apprenticeships, and partnerships to attract under‑represented talent, and three‑quarters have dedicated recruitment programs for women. Yet a disconnect persists: while 73% view cybersecurity as mission‑critical, only 59% prioritize spending accordingly. Bridging this investment gap, coupled with sustained training initiatives, will be essential for organizations to mitigate breach costs, harness AI responsibly, and maintain competitive advantage in an increasingly hostile digital environment.