Why the cybersecurity skills gap keeps getting wider

Global shortage of skilled cybersecurity professionals

The cybersecurity talent gap is the kind of challenge that demands attention from the boardroom. There are currently 4.8 million unfilled cybersecurity jobs worldwide, a 19% increase from the year before, according to Fortinet’s 2025 Cybersecurity Skills Gap Report. That’s a growing weakness across industries. When you don’t have enough skilled defenders, attackers have a much easier job.

Data makes the cost of inaction clear. The 2022 Cost of a Data Breach Report found that companies with understaffed teams face an average breach cost of $4.56 million, around $550,000 more than those with fully staffed cybersecurity units. A later report shows the gap is widening, with a $1.76 million increase in the average cost of breaches tied directly to the shortage of skilled talent. These numbers underscore that human capital in cybersecurity is as valuable as any technological investment.

Executives often focus on recruiting top-tier security talent, people who already have years of specialized experience. But the reality is, automation and artificial intelligence have trimmed entry-level roles, leaving few opportunities for new professionals to gain real-world experience. That’s a problem because talent development pipelines are drying up. Training and upskilling entry-level hires could be one of the most effective strategies for closing this gap over time.

Decision-makers should look beyond the short-term hiring pressure. Building a well-balanced cybersecurity team that integrates experienced leaders with motivated, developing professionals will strengthen both resilience and retention. It’s a long-term play, but it’s how companies build a sustainable defense against the next wave of cyber threats. Leadership should treat cybersecurity talent as a mission-critical investment, because it is.

Budget constraints and economic pressures impede cybersecurity investments

Cybersecurity doesn’t exist in isolation from wider economic forces. The last year has seen aggressive cost controls across industries, budget cuts, hiring freezes, and even layoffs. According to Fortinet research, 36% of companies reduced cybersecurity budgets, and nearly a quarter laid off staff. Those moves may balance the books today, but they weaken defenses for tomorrow.

There’s a clear contradiction in the data: while budgets shrink, the financial impact of breaches continues to grow. The global average cost of a data breach is now $4.4 million. For many organizations, one major security event can erase years of cost-saving. Underfunding defense doesn’t eliminate risk; it compounds it.

Executives know that cybersecurity is a balancing act between risk management and return on investment. But security is no longer just a compliance issue; it’s core to business continuity and reputation. When people, training, and technology suffer from reduced budgets, vulnerabilities multiply. Hiring freezes delay talent acquisition, and cutting back on training limits how well existing staff can adapt to new threats.

Leaders need to approach security investment as an ongoing strategic priority. The organization’s ability to protect data and infrastructure should evolve in step with financial strategy. The solution isn’t to spend endlessly, it’s to allocate funds smartly, focusing on development, workforce growth, and technology that enhances effectiveness. A strong cybersecurity foundation doesn’t just prevent loss; it’s a signal to investors, customers, and partners that the company is built for the long term.

Mental health challenges and burnout contribute to talent attrition

The cybersecurity field operates under sustained pressure. Threats evolve daily, and professionals are expected to stay ahead of every potential attack. This constant vigilance takes a toll. Fortinet’s data shows that 32% of security professionals lose sleep because of stress, and 65% have considered leaving their roles altogether. When experienced people walk away, the gap widens, and the burden on those who remain increases. It’s a cycle that weakens teams from the inside.

Executives must treat mental health as part of operational resilience. High turnover disrupts stability, erodes expertise, and slows incident response. According to Fortinet, 52% of companies report that directors or executives have faced personal repercussions, fines, loss of position, even legal action, after major cyber incidents. This creates a culture of fear that discourages transparency and collaboration. A burnout-driven workplace cannot sustain long-term readiness against cyber threats.

Leaders can alter this pattern. Open conversations about stress, visible recognition of effort, and fair workloads can make a measurable difference. Promoting flexibility and psychological safety doesn’t mean reducing performance, it means enabling sharper focus, longer retention, and better results. Decision-makers should view well-being programs not as perks but as performance infrastructure. In cybersecurity, mental stability and strategic awareness are inseparable drivers of success.

Rapid technological advancements outpace traditional cybersecurity training

Technology is evolving faster than security teams can adapt. Artificial intelligence, automation, and quantum computing are changing both offense and defense. Attackers are deploying AI-driven tactics that personalize and scale their operations. Meanwhile, only a minority of defenders are ready for what’s coming next. Fortinet reports that 69% of senior cybersecurity managers understand the quantum threat to legacy encryption, yet only 5% have implemented quantum-safe solutions. That’s a dangerous gap between awareness and action.

Traditional training programs are too slow to keep pace. Annual courses and rigid video modules leave professionals underprepared for dynamic and unpredictable threats. The current environment requires hands-on, continuous learning that mirrors the speed of technological change. Without this, even well-staffed organizations remain vulnerable. A skilled team today can become outdated within a year if it isn’t constantly exposed to emerging tools and attack patterns.

For executives, this is a strategic opportunity. Expanding learning and development frameworks to include real-time simulations, specialized upskilling, and personalized learning paths ensures teams are ready for what’s next. It’s not just about acquiring knowledge, it’s about embedding adaptability into the organization’s DNA. C-suites should measure training investment not in immediate ROI, but in long-term capability growth. As technology accelerates, staying informed and agile becomes the defining factor between resilience and risk.

Long-term resilience requires sustained investment in personnel development

Closing the cybersecurity skills gap won’t happen with short-term hiring or temporary fixes. The solution is a sustained commitment to developing people. Organizations that invest in continuous learning, well-defined career growth, and mentorship programs strengthen their long-term defense posture. This isn’t only about creating more experts, it’s about building teams that adapt and evolve with the threat landscape. When professionals see a future within a company, they stay, learn, and contribute more effectively.

The data supports this focus. Research from Fortinet and IBM’s Cost of a Data Breach Report highlights that organizations neglecting personnel development face consistently higher breach costs. The relationship is clear: underinvestment in people leads directly to higher vulnerability and financial loss. Skilled, engaged, and well-supported cybersecurity staff are proven to detect and respond faster, minimizing damage and recovery time.

For executives, the responsibility lies in prioritizing human capital as strategically as technology. Allocate resources toward structured learning ecosystems that include technical upskilling, leadership training, and practical experience. Encourage collaboration between HR, security leaders, and finance to align development goals with business outcomes. Treat every employee’s growth as part of your security infrastructure.

Sustainable progress in cybersecurity depends on people, not tools. The companies that understand this will not just respond better to threats, they will prevent them through foresight, knowledge, and organizational stability. The most forward-looking leaders know that developing human talent is an investment that compounds in strength, trust, and competitive advantage.

Key highlights

• Address the cybersecurity talent shortage through strategic development: With 4.8 million cybersecurity roles unfilled, leaders should focus on cultivating internal talent through structured training and growth programs instead of relying solely on hiring experienced professionals.
• Protect cybersecurity budgets from short-term cuts: Budget reductions may ease immediate financial pressure but increase long-term risk. Executives should maintain or reallocate funding toward critical security roles and training to prevent costly breaches averaging $4.4 million globally.
• Prioritize mental health to retain cybersecurity talent: High stress and burnout are driving attrition, with 65% of professionals considering leaving their jobs. Leaders should invest in support systems and balanced workloads to sustain morale and reduce turnover.
• Modernize cybersecurity training to match tech evolution: Emerging technologies like AI and quantum computing are advancing faster than traditional training programs. Executives should embed continuous, hands-on learning to keep teams aligned with real-time threats.
• Invest consistently in people for long-term resilience: Sustainable cybersecurity strength depends on continuous skill development and employee retention. Leaders should view workforce growth as a strategic investment that drives security, stability, and competitive advantage.