Eurobarometer on Cyber Skills

• September 11, 2024
• admin

A newly published Eurobarometer survey highlights the growing lack of cybersecurity skills across the European Union and calls for immediate action to increase the number of cybersecurity experts and raise cybersecurity awareness among company employees across the EU.

The survey is in line with the recent findings of the EU Agency for Cybersecurity (ENISA) foresight report, which highlighted the lack of cyber skills as an important factor contributing to growing cyber threats. These threats pose major risks to the operation of network and information systems and the overall integrity of the single market.

Results

The Eurobarometer survey on cyber skills highlights a significant awareness of the importance of cybersecurity among companies, with 71% of them recognising it as a high priority. However, the survey revealed a gap where 74% of companies do not provide any training or awareness programmes to their employees.

In addition, 68% of companies believe that there is no need for any training or awareness raising on cybersecurity. The main obstacles include a lack of awareness of relevant training opportunities (16%) and budgetary constraints (8%).

Key findings

Problems with recruitment

Companies face significant challenges in recruiting staff with the right cybersecurity skills:

• 45% of them have difficulty finding qualified candidates.
• 44% report a shortage of applicants.
• 22% of respondents found a lack of awareness of cybersecurity roles.
• 16% cite budgetary constraints
• Other challenges include the need for continuous training (19%), rapidly changing technologies (19%), security clearance requirements (16%), high turnover (13%) and competition with other companies (13%).

Qualification and certification

• 76% of employees in cybersecurity-related positions do not have formal qualifications or certified training.
• 57% of cybersecurity responsibilities are embedded in existing roles from positions outside cybersecurity.
• 34% entered this role from a non-cyber security position.
• 18% were recruited from a previous position in cybersecurity.
• 17% are beginners, for example graduates.
• 10 % entered by other means.

Diversity and Inclusion

• 70% of respondents agree that diversity and inclusion are important for cybersecurity within their companies.
• However, 56% of companies have no women in cybersecurity.
• Of the companies that do so, 32% have one female employee, 6% have two, and only 1% have three to five or more female employees.

Detailed analysis

Problems with hiring staff in the area of cybersecurity

The survey shows that finding suitably qualified candidates is a significant obstacle for companies. The main challenges include:

• Qualified candidates (45%): Lack of candidates with the right skills.
• Shortage of applicants (44%): Insufficient number of candidates for cybersecurity positions.
• Awareness (22%): General lack of awareness of the importance and nature of cybersecurity roles.
• Budgetary constraints (16%): Financial constraints affecting the ability to recruit and retain qualified professionals.
• Continuing training (19%): Continuous training needed to keep up with evolving cyber threats.
• Rapid technological change (19%): The rapid pace of technological progress, which requires constant updating of skills.
• Security clearance (16%): Difficulties in meeting security clearance requirements.
• Turnover (13%): A high rate of fluctuation makes retention challenging.
• Competition (13%): Intensive competition with other companies for qualified candidates.

Qualifications and certifications in cybersecurity roles

A significant proportion of cybersecurity staff do not have formal qualifications:

• 76% of employees in cybersecurity positions do not have formal qualifications or certification. Many employees (57%) take responsibility for cybersecurity beyond their existing non-cyber security roles, highlighting the multifunctional nature of cybersecurity responsibilities in many organisations.
• Recruitment often comes from outside cybersecurity, with 34% switching
  from unrelated roles and 18% from previous cybersecurity roles.
• Entry-level positions are occupied by recent graduates (17%), indicating a growing interest in
  cybersecurity careers among new professionals.

Diversity and Inclusion in Cybersecurity

Diversity and inclusion remain critical but insufficiently addressed aspects of cybersecurity:

• While 70% of companies recognise the importance of diversity and inclusion, implementation is lacking, especially when it comes to gender diversity.
• 56% of companies report having no women in cybersecurity, pointing to significant gender gaps.
• A small proportion of companies employ women in these positions, with only 32% having one woman and even fewer women holding more cybersecurity positions.

Attachments

Detailed survey results and additional data are available in the attached documents, which provide further information on the state of cybersecurity skills and workforce diversity in European companies.