Higher Education in Europe: Understanding the Cybersecurity Skills Gap in the EU

Back to News

Cybersecurity graduates are expected to double in number in the next 2-3 years as shown by the Higher Education Database managed by European Union Agency for Cybersecurity.

Although the field of cybersecurity has expanded exponentially over the past decade, the fact that the workforce in the field has not increased adequately has now become obvious. The number of skilled and qualified workers is not enough to meet the demand, and national labour markets are disrupted worldwide, Europe included, as a consequence.

The report - ENISA Report - Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education - takes a look into data gathered by the Cybersecurity Higher Education Database - CyberHEAD in order to make a prediction on the future trends. This database is the largest resource of its nature and is able to provide a reliable and up-to-date snapshot of cybersecurity academic programmes available across Europe.

Key findings reveal that the number of programmes and students engaged in cybersecurity higher education are growing. As a consequence, the number of graduates in the next 2-3 years is expected to double. However, gender balance is still an issue with only 20% of female students enrolled.

The report also deep-dives into the policies and approaches adopted by Member States, classifying them according to the EU Agency for Cybersecurity (ENISA) National Capabilities Assessment Framework (NCAF). The framework encompasses awareness, training, challenges and exercises. It includes the list of actions taken around Europe, not only to increase the cybersecurity workforce, but also to increase the quality of candidates and equip them with such skills needed and requested the highest in demand on the job market.

Recommendations in a nutshell

In order to mitigate the cybersecurity skills gap, recommendations are:

  • Increase enrolments and eventually graduates in cybersecurity programmes through the diversification of curriculum, education format and the provision of scholarships in Higher Education Institutions (HEIs).
  • Support a unified approach across government, industry and HEIs through the adoption of a common framework regarding cybersecurity roles, competencies, skills and knowledge, such as the European Cybersecurity Skills Framework and the promotion of cybersecurity skills, challenges and competitions.
  • Develop synergies among Member states cybersecurity initiatives with the support of European bodies and EU funded projects.
  • Promote analysis on the cybersecurity market needs and trends through the identification of metrics to assess the extent of the problem and devise the possible measures to tackle it.
  • Support the use and promotion of CyberHEAD in order to facilitate the ongoing understanding of the status of cybersecurity higher education programmes in the EU, monitor trends, follow progress and effectiveness of cybersecurity initiatives.

 Target audience

  • Member States and European Institutions interested in cybersecurity skills and the role that Higher Education has to play
  • EU Higher Education Institutions (HEIs)
  • Business and industry
  • Researchers and the academic community.

Other ENISA activities on education and cyberskills development

ENISA engages in a number of actions to support and strengthen the enhancement of cybersecurity skills and competence across sectors and at all levels, from the non-experts to the highly technically skilled professionals.

The purpose of such actions is to align with the EU’s Digital Education Action Plan. To this end, ENISA promotes and analyses cybersecurity higher education in the EU in order to respond to the current shortfall in the cybersecurity workforce.

Actions include:

Contact

For questions related to the press and interviews, please contact press(at)enisa.europa.eu