Fortinet report highlights India’s widening cyber skills gap

Fortinet has released its 2025 Global Cybersecurity Skills Gap Report, highlighting both emerging and persistent challenges faced by Indian organisations as a result of the cybersecurity talent shortfall.

The findings show that while organisations increasingly rely on artificial intelligence to strengthen security and compensate for staffing gaps, they also recognise that the same technology may fuel new and more sophisticated cyberattacks.

This concern is heightened by the limited AI expertise within many security teams. The survey also indicates that a lack of cybersecurity awareness and training remains the principal cause of breaches, board-level cyber knowledge continues to lag despite growing prioritisation, and employers place strong value on professional certifications.

According to Vivek Srivastava, Country Manager, India & SAARC at Fortinet, the latest survey emphasises the continuing need to invest in cybersecurity talent. He notes that unless the skills gap is addressed, breach rates and related costs will continue to rise, marking a critical point for both the public and private sectors.

Skills gap linked to rising security and financial risks

The report underscores the growing inevitability of cyber incidents at a time when an estimated global shortfall of more than 4.7 million qualified professionals leaves essential security roles unfilled. Ninety-two per cent of Indian organisations experienced at least one breach in 2024, with nearly a third reporting five or more. Although slightly lower than figures reported in 2021, the overall trend remains concerning.

More than half of respondents identified a lack of security skills and training as a key factor contributing to breaches. The financial impact is similarly significant: 60% of organisations reported cyber incidents costing more than USD 1 million in 2024, mirroring last year’s findings and notably higher than the 38% reported in 2021.

AI as both support and risk

While AI is widely viewed as an essential tool for alleviating pressure on understaffed security teams, many organisations may not yet have the expertise needed to deploy it effectively and safely. Surveyed organisations either already use or plan to adopt AI-enabled security solutions, particularly for threat detection and prevention. A large majority of cybersecurity professionals expect AI to enhance their work rather than replace it.

However, half of IT decision-makers cited insufficient AI expertise among staff as a major barrier to successful implementation. Although many report that AI is improving team effectiveness, the survey suggests that adoption without adequate knowledge can limit benefits and leave organisations exposed. Seventy per cent of organisations that reported nine or more cyberattacks in 2024 already had AI tools in place.

Board-level attention increasing, but AI understanding lags

Board engagement with cybersecurity continues to rise, with nearly nine in ten boards increasing their focus on the issue in 2024. All surveyed organisations now view cybersecurity as a business and financial priority. Despite this, understanding of AI-related risks is inconsistent. Two-thirds of respondents believe their boards fully grasp the risks posed by AI, and awareness is notably higher in organisations that already employ AI within their security programmes.

Professional certifications continue to be highly valued, with 98% of decision-makers preferring candidates who hold them. Certifications are regarded as evidence of up-to-date knowledge, familiarity with essential tools, and ongoing professional development. However, the proportion of organisations willing to fund certification has decreased, falling from 92% in 2023 to 82% in the latest survey.

Sustaining business resilience

The 2025 report makes clear that the skills gap remains a central challenge for Indian organisations, particularly as AI becomes integral to both security operations and emerging threats. Addressing this gap requires renewed focus on awareness, training, recruitment, and the development of specialised expertise. A coordinated approach involving education, expanded access to training and certification, and the adoption of advanced security technologies is essential to building long-term resilience.

Fortinet’s Training Institute offers a range of programmes aimed at broadening access to cybersecurity education, including security awareness training designed to help organisations develop a workforce capable of recognising and mitigating threats. Its modules include AI-focused content covering generative AI and AI-driven cyberattacks. The company remains committed to its pledge to train one million people globally in cybersecurity by the end of 2026.

The findings are based on responses from more than 1,850 IT and cybersecurity decision-makers across 29 countries and regions. Participants represent a broad cross-section of industries, including technology, manufacturing, and financial services.