EU must reinforce cybersecurity skills

A Eurobarometer survey indicates that not only is the cyber skills shortage increasing but there needs to be more cyber specialists as well as an increase in cybersecurity aware staff in every company across the EU.

This tallies with a recent foresight report published by ENISA, the EU Agency for Cybersecurity  which noted that the cyber skills gap appears to be closely connected to cyber threats.  This represents a major threat to the functioning of network and information systems and to the Single Market as a whole.

The results of the Eurobarometer survey have shown interesting insights concerning cybersecurity awareness, hiring difficulties, absence of qualifications and certifications, and a gender gap.

  • A lack of awareness: while there is a general consensus that cybersecurity is a high priority (71% of the companies), taking action remains the main challenge:  74% of the companies have not provided any training or raised awareness among their employees. Additionally, 68% of companies stated that no training or awareness raising about cybersecurity is needed (16% are unaware of relevant training opportunities and eight per cent mention budget constraints as a reason).
  • Hiring difficulties: companies are facing severe difficulties in finding appropriate candidates, if they have open positions. More than half of the companies that searched for adequate candidates experienced difficulties, such as finding qualified candidates (45%), because of lack of candidates (44%), lack of awareness (22%) and budget constraints (16%).
  • Qualification and certification: 76% of employees in cybersecurity related roles do not have any formal qualifications or certified trainings. 34% entered the role from a non-cyber related role, while 57% absorbed the cybersecurity responsibilities into an existing role.
  • Diversity and Inclusion: most of the respondents (70%) to the survey agree that diversity and inclusion in cybersecurity are important in their respective companies. However, while roughly two thirds agree that women are encouraged to take up roles and tasks in cybersecurity, 53% of companies do not have any women in cybersecurity roles.

Cyber Skills Academy: the tangible instrument to reinforce the EU’s cyber workforce 

The Commission has reinforced its efforts to increase awareness, visibility of cybersecurity skills initiatives and boost the numbers of skilled cybersecurity professionals in the EU.  As part of those efforts, the Cybersecurity Skills Academy (‘the Academy’) launched last year (link), aims to strengthen the synergies between private and public initiatives at European and national levels to address needs of the cybersecurity labour market and its resilience.

Commission Vice President Margaritis Schinas and Commissioner Thierry Breton met with high-level representatives of industry and organisations that have pledged free trainings to the Academy.

The Academy, launched last year, aims to be a single entry-point of European-wide training opportunities, including the main initiatives and organisations related to cyber skills on national and European levels, providing information on Cybersecurity certifications. This is done notably through the help of the Member States via the Networks of National Coordination Centres (NCCs).  Furthermore, ENISA is currently reviewing the European Cybersecurity Skills Framework (ECSF), a practical tool to identify tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals.

Participants at the meeting reinforced their commitment to maximise the impact of the Academy. As immediate follow-up, the Commission announced the creation of a dedicated network including academia and the higher-education community and Industry to facilitate the synergies between the needs of the market and the design of academia curricula.

Furthermore, the Commission has included the Women4Cyber Network in the Academy’s platform to actively work against gender-based stereotypes in cybersecurity.

This year, the Commission has dedicated 10 million EUR to support projects that aim to implement training programmes for SMEs, start-ups, and the public sector. With this, the total amount invested since 2021 in projects and initiatives supporting cyber skills together with Member States and private-sector partners rose to an estimated 600 million EUR.

New funding opportunities will be made available in autumn 2024. The Academy could take the shape of a European digital infrastructure consortium (EDIC), a new legal framework to implement multi-country projects. The possibility of setting up an EDIC on a Cybersecurity Skills Academy is being explored with Member States. In the meantime, the Commission is calling for new stakeholders to pledge to support cybersecurity upskilling on the Digital Skills and Jobs Platform, in the dedicated section on cybersecurity.

Source: European Commission (Shaping Europe’s digital future) | News & Views (