Key Takeaways
- AI is increasingly embedded in cybersecurity defenses, with 41 % of organizations using AI‑enabled solutions and another 42 % experimenting, yet a small fraction remains uninterested.
- Board‑level engagement lags behind priority setting: while more boards cite cybersecurity as a business priority, there is a 14 % gap between those who prioritize it and those who actually allocate budget.
- Skills shortages remain the leading cause of breaches; 86 % of organizations experienced at least one cyber attack due to insufficient IT/security team skills, and 29 % suffered five or more attacks in the past year.
- Organizations are struggling to hire (49 % report difficulty) and often address skill gaps only after an incident, despite 92 % willingness to invest in AI and cybersecurity training and certification.
- Shadow AI—unmanaged employee use of AI tools—poses an emerging risk that requires C‑level governance and board oversight.
- Fortinet’s pledge to train one million people by the end of 2026 is on track, reflecting a broader corporate‑social‑responsibility commitment to closing the global cybersecurity skills gap.
Survey Overview: AI Adoption and Board Inaction
The 2026 Global Cybersecurity Skills Gap Report from Fortinet highlights two striking trends. First, organizations are leaning more heavily on artificial intelligence to bolster security defenses. Second, a persistent lack of decisive action at the board level continues to expose companies to risk. While the move toward AI is unsurprising given the evolving threat landscape, the board’s failure to translate priority into funding creates a disconnect that hampers effective security programs.
AI‑Powered Security: Current Usage and Perceived Benefits
Respondents reported that 41 % of organizations are already deploying AI‑enabled security solutions on live networks, while another 42 % are experimenting with the technology. Only 8 % plan to evaluate AI later, and a mere 1 % show no interest. Leaders observe that AI enhances detection speed, allowing security teams to spot subtle network anomalies and escalate them to senior personnel for rapid response. Consequently, 84 % say their IT and security teams perform better when working with AI, and 42 % express confidence in granting AI limited human oversight. This “fight fire with fire” mindset reflects growing trust in AI’s ability to handle core security functions autonomously.
Board Education and the Budget‑Priority Gap
Despite rising awareness, boards still lag in providing the resources needed to act on cybersecurity priorities. Survey data show a 14 % delta between board members who rank cybersecurity as a business priority and those who treat it as a financial priority—meaning they allocate budget. The report calls for targeted education programs that cover both general cybersecurity fundamentals and the specific implications of AI‑driven threats. Without board‑level understanding and financial commitment, initiatives such as AI adoption, staff up‑skilling, and robust governance remain under‑funded.
Practitioner Impact: Attacks Stemming from Skill Gaps
The human element remains the weakest link. Eighty‑six percent of organizations experienced at least one cyber attack in the past year that was directly attributable to insufficient skills or knowledge within their IT and security teams. Nearly a third (29 %) endured five or more such incidents. These figures underscore that breaches are not primarily caused by failing technology but by a lack of qualified personnel capable of operating and optimizing security tools, including AI‑based systems.
Ongoing and Emerging Risks of the Skills Gap
The skills gap continues to be the number one cause of breaches, fluctuating between deficiencies in IT/security teams and broader organizational security awareness. The report emphasizes that cybersecurity is now everyone’s responsibility—from entry‑level staff to CEOs and board members. Top attack vectors continue to target end users, reinforcing the need to skill up the human component of networks.
An emerging risk highlighted is “shadow AI,” where employees independently use AI tools without organizational oversight or governance. This unmanaged adoption introduces vulnerabilities that could be exploited by threat actors. Addressing shadow AI requires clear policies, guardrails, and accountability at the C‑level, with board involvement to ensure consistent enforcement.
Workforce Impact: AI Integration and Talent Demand
AI’s influence on the workforce is evident: 91 % of organizations either use AI in security solutions or are experimenting with it. The high adoption rate correlates with reported improvements in team performance and increased trust in AI‑driven automation. Simultaneously, there is a fierce demand for talent with AI experience; 52 % of organizations are seeking senior‑level professionals, possibly to lead AI implementation projects or to oversee automated lower‑level tasks.
Hiring, Training, and Certification Insights
The survey reveals a strong appetite for training and certification as a remedy for the skills gap. Ninety‑two percent of respondents said they would pay for employees to obtain cybersecurity or AI certifications—a figure that has rebounded from 73 % the previous year and marks the highest level in recent years. Likewise, 91 % expressed a desire to hire candidates holding technology certifications. Organizations are broadening their talent pipelines, looking beyond traditional degrees to internships, apprenticeships, and hands‑on experience programs. Fortinet’s own certification initiative exemplifies this approach, emphasizing practical labs that build real‑world expertise.
Fortinet’s Pledge: Advancing Cybersecurity Through Education
Fortinet’s commitment to train one million people by the end of 2026, launched in 2021, remains on schedule. The pledge leverages the company’s training and certification program, career‑growth initiatives, and employment‑assistance partnerships, all pursued from a corporate‑social‑responsibility perspective. By expanding access to cybersecurity education, Fortinet aims to shrink the global skills gap while fostering a skilled workforce capable of defending against increasingly sophisticated, AI‑enhanced threats.
Conclusion
The 2026 Fortinet report paints a clear picture: AI is becoming an indispensable ally in cybersecurity, yet its potential is hampered by board‑level inertia and a pervasive skills shortage. Organizations that invest in continuous training, embrace AI responsibly, and secure genuine executive and board commitment will be best positioned to mitigate current threats and anticipate future challenges. Fortinet’s ongoing pledge to educate one million professionals underscores the industry’s recognition that people—supported by the right technology and governance—are the ultimate defense against cyber risk.