Poor Employee Awareness and Skills Gap Drive Cybersecurity Breaches

New research highlights how human error and cybersecurity skills gaps continue to drive costly cyberattacks.

Key Takeaways:

  • Human error and poor awareness continue to fuel cyberattacks.
  • Organizations are struggling to find cybersecurity talent with AI expertise.
  • Growing breach costs are increasing pressure for better security investment.

A major driver of cybersecurity breaches continues to be insufficient employee training and awareness, a problem that has persisted across the industry for years. New findings from Fortinet highlight that despite advancing technologies, organizations still struggle to address this ongoing human-factor vulnerability.

According to Fortinet’s 2026 Global Cybersecurity Skills Gap Report, more than half of cybersecurity and IT leaders (56%) identified poor employee awareness as a primary factor behind security incidents. Similarly, 54% pointed to a shortage of adequately trained IT and security professionals as a key contributor to these breaches.

Malware and phishing continue to dominate cyberattacks

Despite clear evidence that attackers are increasingly exploiting human vulnerabilities by targeting employees, many organizations still have not taken sufficient steps to address the issue. The most common types of cyberattacks reported over the past year include malware (39%), phishing (36%), web-based attacks (31%), and password-related breaches (30%). These findings are consistent with earlier versions of the report, which indicate that even as threats become more advanced, cybercriminals continue to rely on familiar, time-tested attack methods.

According to this report, nearly three-quarters of organizations (73%) now view cybersecurity as a critical priority. However, this focus is not fully reflected in financial commitment, with only 59% actually dedicating sufficient budget to it. This research shows that the consequences of underfunding cybersecurity can be severe, with breaches becoming increasingly expensive. In fact, over half of organizations (52%) reported that cyber incidents now result in average losses exceeding $1 million.

Demand for AI cybersecurity skills keeps rising

Recruiting cybersecurity talent has long been difficult, but the challenge is even greater when it comes to hiring professionals with AI expertise. About 60% of respondents said finding candidates with AI-related cybersecurity experience is their biggest hiring obstacle. Moreover, 63% expect demand for AI-focused governance and oversight roles to grow significantly in the next few years.

To close this gap, many organizations are ramping up investment in skills development. Around 92% plan to fund AI-related training or certifications within the next year, and an equal share say they are willing to cover the cost of certifications to strengthen their teams’ capabilities.

Most organizations (92%) are using internships, apprenticeships, partnerships, or training initiatives to bring in talent from diverse backgrounds. Moreover, about three-quarters have established targeted hiring programs for women, which reflects a notable improvement compared to the previous year.

How can organizations strengthen cyber resilience?

This report suggests that organizations need to take a more strategic and proactive approach to cybersecurity by investing in both people and technology. A major priority is closing the skills gap through continuous training, upskilling, and certification programs, especially in emerging areas like AI. Companies are also encouraged to strengthen employee awareness across all levels, since human error remains a leading cause of breaches. Moreover, integrating AI tools thoughtfully and ensuring proper oversight can help improve efficiency and threat detection without introducing unnecessary risks.

Additionally, this report emphasizes the importance of stronger leadership involvement and better alignment between priorities and spending. Boards and executives need to deepen their understanding of cybersecurity and treat it as a core business risk, not just a technical issue. Organizations should also expand recruitment strategies to include diverse and nontraditional talent pools, improve retention through career development opportunities, and build cyber resilience plans to better prepare for future threats.