87% of Organizations Faced Security Breaches in 2023
Riyadh:
Fortinet, the global cybersecurity leader driving the convergence of networking and security, has recently released its 2024 Global Cybersecurity Skills Gap Report, which sheds light on the growing challenges organizations around the world, and in Saudi Arabia, face due to the shortage of skilled cybersecurity professionals.
The report found that 87% of surveyed organizations experienced at least one security breach in the past year, compared to 84% in 2022 and 80% in 2021. This increase is largely attributed to the lack of cybersecurity expertise among employees, posing a significant challenge as organizations increasingly rely on digital technologies and face more complex cyber threats.
Malware, phishing, and cyberattacks on websites were identified as the most common types of attacks, accounting for 80% of total attacks on these organizations over the past year. Many of these attacks directly target individual users, underscoring the importance of promoting public awareness of cybersecurity and enhancing individuals' skills in recognizing and combating cyber threats.
Given the growing trend toward digital transformation across various sectors, the report stresses the need for a proactive approach to addressing the cybersecurity skills gap. This includes comprehensive strategies that combine training, awareness, and the deployment of cutting-edge security technologies to ensure a safe and reliable digital environment.
Enhancing Capabilities
Efforts to bolster cybersecurity are crucial as Saudi Arabia strives to achieve its ambitious Vision 2030 goals, ensuring the safety of digital transformation and economic prosperity across various sectors. The Kingdom has ranked first globally in cybersecurity in the 2024 World Competitiveness Yearbook, reflecting its commitment to enhancing its capabilities in this field.
Sami AlShwairakh, Senior Director for KSA at Fortinet, emphasized the severity of the cybersecurity skills gap on the country's digital journey: 'The lack of qualified professionals in this field poses a significant risk to Saudi institutions, especially as they accelerate their digital transformation efforts. Addressing this challenge is critical to strengthening the Kingdom's cyber resilience and achieving the goals of Saudi Vision 2030 to become a regional hub for technology and innovation'.
AlShwairakh highlighted the importance of the National Cybersecurity Strategy, which focuses on addressing the cybersecurity skills gap through public-private partnerships, including cybersecurity service and solution providers, the development of specialized educational and training programs, and supporting the growth of a strong local cybersecurity industry. Additionally, the launch of the National Program for Research, Development, and Innovation (RDI) is a key initiative.
Severe Losses
The Fortinet 2024 Global Cybersecurity Skills Gap Report further reveals that breaches are also having more substantial financial and reputational consequences for companies. Over 50% of respondents indicated that cyberattacks cost their organization more than $1 million in lost revenue, fines, and other expenses last year - up from 48% in 2022 and 38% the year prior.
Additionally, the report reveals that corporate executives are being held more accountable, with 51% of leaders facing penalties such as fines, job loss or even jail time following a breach. In response to these risks, boards have taken urgent steps to improve cybersecurity, including mandatory training or certification for IT and security staff (64%), security awareness training for all employees (61%), and the purchase of advanced security solutions (59%).
Professional Challenges
Recognizing the critical importance of cybersecurity, the report found that 97% of organizations say their board of directors views it as a business priority. In fact, 72% of respondents said their boards were more focused on security in 2023 compared to the previous year. However, more than 70% of respondents said it is challenging to find qualified, certified individuals to fill open cybersecurity roles.
As a result, business leaders are placing great value on hiring candidates with cybersecurity certifications, with 91% expressing a preference for certified professionals. However, only 89% of executives are willing to cover the costs of certification for employees.
Three-Pronged Approach
To address these workforce challenges and build cyber resilience, the report recommends a three-pronged approach: investing in training and certifications to upskill IT and security teams, cultivating a cyber-aware frontline staff and how to identify and respond to cyber threats, and investing in advanced security technologies to protect data and networks from cyberattacks.
AlShwairakh added, 'Combining advanced security technology with ongoing workforce awareness significantly strengthens the Kingdom's digital defenses and opens new avenues for growth and innovation, in line with Vision 2030's goal of transitioning to a knowledge and innovation-based digital economy.'
Fortinet's award-winning Training Institute is one of the leading programs in the field of cybersecurity. It aims to make cybersecurity certifications and new job opportunities accessible to all community members, contributing to closing the skills gap and enhancing Saudi Arabia's cybersecurity capabilities.