The cybersecurity skills gap is hardly a new phenomenon. For years, organizations have warned that demand for cyber professionals is outstripping supply, while increasingly sophisticated threats continue to raise the stakes of getting security wrong.
Fortinet’s 2026 Cybersecurity Skills Gap report suggests those pressures are far from easing. More than half of organizations say they most urgently need senior-level cybersecurity talent, while cybersecurity skills and security awareness continue to be identified as the leading causes of breaches. At the same time, the growing prevalence of artificial intelligence is creating an entirely new set of workforce demands.
The global report’s findings also suggest a sector in something of a transition. More than nine in ten organizations are already using or experimenting with AI-powered cybersecurity solutions, while 84 percent say AI-enhanced tools are making security teams more effective and efficient.
Yet 60 percent report that their biggest recruitment challenge is finding cybersecurity talent with AI expertise, and 63 percent expect to need more AI oversight and governance roles within the next three years.
For Chris Parker, Director, Government Strategy at pillboxthe relationship between AI and cybersecurity skills requirements is more nuanced than many assume. It is neither a catch-all automated solution for recruitment woes, or an existential crisis for a sector already grappling with a shortage of in-house expertise.
“A lot of people struggle with AI and the concept at the moment,” he says. “Effectively, AI is an enabler which allows things to happen faster, sometimes more efficiently. But that’s true for bad people, as well as good people defending society.”
The challenge, he argues, is not that every employee must become an AI specialist. Instead, organizations need to develop a baseline level of AI literacy across their workforce. Drawing an analogy with touch typing, Parker notes that while some people become experts, most simply need to understand how to use the tool effectively.
“As long as you know the ability of that tool, that’s the piece that most of us have to get to grips with now,” he says.
This distinction matters because AI is increasingly being viewed as both part of the solution and part of the problem. The report found that 42 percent of respondents would trust AI to handle core security functions independently, while a further 41 percent would trust it with limited human oversight.
Those findings raise an obvious question: are organizations embracing AI because they trust it, or because they lack the people needed to perform these tasks manually?
Parker acknowledges the danger of seeing AI as a magic bullet, but believes familiarity with its capabilities is building genuine confidence. As AI continues to become embedded within everyday workflows, he argues, that confidence will continue to grow. It also reflects a broader pattern seen throughout technological change.
Yet AI adoption alone will not solve the sector’s long-standing talent shortage. If anything, the speed of technological change has increased the need for continuous training and workforce development.
“If there’s one recommendation I can give, it’s to have a skills training program for AI in parallel to adoption,” Parker says. Organizations should identify internal champions, invest in workforce development and recognize that learning is not confined to younger generations.
“I’ve been delighted to see people with 20 or 30 years’ experience moving quite rapidly into the use of AI with a bit of personal training and skill effort.”
The report’s findings suggest that many organizations are beginning to recognize this need. 92 percent say they are likely to invest in AI-related cybersecurity training or certifications over the next year, while 87 percent expect their cybersecurity teams to grow.
However, the shortage of experienced talent remains a significant challenge. Rather than viewing this solely as a recruitment issue, Parker believes organizations should think differently about how expertise is sourced and deployed.
“There is, of course, a limited amount of such people and expertise in the market,” he says. “As everyone digitises more, there’ll be more spaces needing those people.”
Part of the answer, he continues, lies in managed services and specialist partners. Just as organizations routinely outsource fleet management, payroll or legal services, many cybersecurity responsibilities can be delegated to trusted providers. The crucial distinction is between responsibility and accountability.
“Accountability will always sit within one person in the organization,” Parker explains. “But the responsibility could well be delegated to several support and service organizations.”
This perspective becomes particularly relevant when considering one of the report’s more striking findings. For the third consecutive year, respondents identified a lack of cybersecurity skills and security awareness as the leading causes of security breaches, ahead of shortages in security products or technology. 56 percent cited insufficient cybersecurity skills, while 55 percent pointed to poor security awareness. The challenge is as much cultural as technical.
“Until not so long ago, it’s largely been a voluntary or wise decision to ensure cybersecurity skills are kept up to date,” Parker says. “However, with regulation and legislation increasing, boards are now taking much more notice of it.
“Those in accountable governance positions over AI linked systems clearly need to have adequate understanding of AI themselves and be aware where and how AI is used in their organization.”
A major piece of the puzzle is broadening the talent pipeline itself. The report found that 71 percent of organizations now have formal targets for hiring from underutilized talent pools – a drum that Parker, and Fortinet more broadly, have been beating loudly for some time.
He reels off a long list of industries and demographics that should be more vigorously explored, citing significant opportunities beyond traditional recruitment channels that include veterans transitioning from military careers, school outreach programs, and work-experience schemes as valuable sources of future talent.
“A piece of paper doesn’t necessarily tell you much about an individual,” he says. “Often good talent can be missed.”
As new technologies reshape the cybersecurity landscape, organizations must rethink not only the tools they use, but also how they find and develop the people responsible for using them.
Download Fortinet’s 2026 Cybersecurity Skills Gap report here




