Index  ›  tech  ›  New Statesman

Beyond hiring: tackling the cybersecurity skills gap in the age of AI

New Statesman Published Jun 30, 2026 Reviewed Jul 2, 2026 ✓ Reviewed by citations.press editors
Citation-ready fact
More than half of organisations most urgently need senior-level cybersecurity talent.
more than 50 % · organisations
View source ↗
Citation-ready fact
84% of organisations say AI-enhanced tools are making security teams more effective and efficient.
84 % · organisations
View source ↗
Citation-ready fact
60% of organisations report that their biggest recruitment challenge is finding cybersecurity talent with AI expertise.
60 % · organisations
View source ↗
Citation-ready fact
63% of organisations expect to need more AI oversight and governance roles within the next three years.
63 % · organisations
View source ↗
Citation-ready fact
42% of respondents would trust AI to handle core security functions independently.
42 % · respondents
View source ↗
Citation-ready fact
41% of respondents would trust AI with limited human oversight.
41 % · respondents
View source ↗
Citation-ready fact
92% of organisations are likely to invest in AI-related cybersecurity training or certifications over the next year.
92 % · organisations
View source ↗
Citation-ready fact
87% of organisations expect their cybersecurity teams to grow.
87 % · organisations
View source ↗
Citation-ready fact
56% of respondents cited insufficient cybersecurity skills as a leading cause of security breaches.
56 % · respondents
View source ↗
Citation-ready fact
55% of respondents pointed to poor security awareness as a leading cause of security breaches.
55 % · respondents
View source ↗
Citation-ready fact
71% of organisations now have formal targets for hiring from underutilised talent pools.
71 % · organisations
View source ↗
Citation-ready fact
9 in 10 organisations are already using or experimenting with AI-powered cybersecurity solutions.
more than 90 % · organisations
View source ↗
Citation-ready fact
Chris Parker states that people with 20 or 30 years’ experience can move rapidly into AI use with personal training.
at least 20 years · years of experienceat least 30 years · years of experience
View source ↗

The cybersecurity skills gap is hardly a new phenomenon. For years, organisations have warned that demand for cyber professionals is outstripping supply, while increasingly sophisticated threats continue to raise the stakes of getting security wrong.

Fortinet’s 2026 Cybersecurity Skills Gap report suggests those pressures are far from easing. More than half of organisations say they most urgently need senior-level cybersecurity talent, while cybersecurity skills and security awareness continue to be identified as the leading causes of breaches. At the same time, the growing prevalence of artificial intelligence is creating an entirely new set of workforce demands.

The global report’s findings also suggest a sector in something of a transition. More than nine in ten organisations are already using or experimenting with AI-powered cybersecurity solutions, while 84 per cent say AI-enhanced tools are making security teams more effective and efficient.

Yet 60 per cent report that their biggest recruitment challenge is finding cybersecurity talent with AI expertise, and 63 per cent expect to need more AI oversight and governance roles within the next three years.

For Chris Parker, Director, Government Strategy at Fortinet, the relationship between AI and cybersecurity skills requirements is more nuanced than many assume. It is neither a catch-all automated solution for recruitment woes, or existential crisis for a sector already grappling with a shortage of in-house expertise.

“A lot of people struggle with AI and the concept at the moment,” he says. “Effectively, AI is an enabler which allows things to happen faster, sometimes more efficiently. But that’s true for bad people, as well as good people defending society.”

The challenge, he argues, is not that every employee must become an AI specialist. Instead, organisations need to develop a baseline level of AI literacy across their workforce. Drawing an analogy with touch typing, Parker notes that while some people become experts, most simply need to understand how to use the tool effectively.

“As long as you know the ability of that tool, that’s the piece that most of us have to get to grips with now,” he says.

This distinction matters because AI is increasingly being viewed as both part of the solution and part of the problem. The report found that 42 per cent of respondents would trust AI to handle core security functions independently, while a further 41 per cent would trust it with limited human oversight.

Those findings raise an obvious question: are organisations embracing AI because they trust it, or because they lack the people needed to perform these tasks manually?

Parker acknowledges the danger of seeing AI as a magic bullet, but believes familiarity with its capabilities is building genuine confidence. As AI continues to become embedded within everyday workflows, he argues, that confidence will continue to grow. It also reflects a broader pattern seen throughout technological change.

Yet AI adoption alone will not solve the sector’s long-standing talent shortage. If anything, the speed of technological change has increased the need for continuous training and workforce development.

“If there’s one recommendation I can give, it’s to have a skills training programme for AI in parallel to adoption,” Parker says. Organisations should identify internal champions, invest in workforce development and recognise that learning is not confined to younger generations.

I’ve been delighted to see people with 20 or 30 years’ experience moving quite rapidly into the use of AI with a bit of personal training and skills effort.

The report’s findings suggest that many organisations are beginning to recognise this need. 92 per cent say they are likely to invest in AI-related cybersecurity training or certifications over the next year, while 87 per cent expect their cybersecurity teams to grow.

However, the shortage of experienced talent remains a significant challenge. Rather than viewing this solely as a recruitment issue, Parker believes organisations should think differently about how expertise is sourced and deployed.

“There is, of course, a limited amount of such people and expertise in the market,” he says. “As everyone digitises more, there’ll be more spaces needing those people.”

Part of the answer, he continues, lies in managed services and specialist partners. Just as organisations routinely outsource fleet management, payroll or legal services, many cybersecurity responsibilities can be delegated to trusted providers. The crucial distinction is between responsibility and accountability.

“Accountability will always sit within one person in the organisation,” Parker explains. “But the responsibility could well be delegated to several support and service organisations.”

This perspective becomes particularly relevant when considering one of the report’s more striking findings. For the third consecutive year, respondents identified a lack of cybersecurity skills and security awareness as the leading causes of security breaches, ahead of shortages in security products or technology. 56 per cent cited insufficient cybersecurity skills, while 55 per cent pointed to poor security awareness. The challenge is as much cultural as technical.

“Until not so long ago, it’s largely been a voluntary or wise decision to ensure cybersecurity skills are kept up to date,” Parker says. “However, with regulation and legislation increasing, boards are now taking much more notice of it.

“Those in accountable governance positions over AI linked systems clearly need to have adequate understanding of AI themselves and be aware where and how AI is used in their organisation.”

A major piece of the puzzle is broadening the talent pipeline itself. The report found that 71 per cent of organisations now have formal targets for hiring from underutilised talent pools – a drum that Parker, and Fortinet more broadly, have been beating loudly for some time.

He reels off a long list of industries and demographics that should be more vigorously explored, citing significant opportunities beyond traditional recruitment channels that include veterans transitioning from military careers, school outreach programmes, and work-experience schemes as valuable sources of future talent.

“A piece of paper doesn’t necessarily tell you much about an individual,” he says. “Often good talent can be missed.”

As new technologies reshape the cybersecurity landscape, organisations must rethink not only the tools they use, but also how they find and develop the people responsible for using them.

This article was originally published by New Statesman ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error