According to data from ISACA, a professional association, cyber security professionals across Europe are feeling increasingly constrained, with 61% believing their teams are understaffed and 52% feeling they are underfunded. Despite projections of increased spending, these limitations hinder their ability to keep up with a rapidly evolving threat landscape, compromising the safety of those they are tasked with protecting.
A recent survey conducted by ISACA, which included nearly 2,000 members, highlighted that these challenges are also affecting the mental well-being of cyber security professionals. In fact, 68% reported that their work has become more stressful compared to 2019, with 79% attributing this stress to the increasingly complex threat landscape, which is far more intricate than prior to the COVID-19 pandemic. Furthermore, 58% of respondents anticipate facing a cyber attack within the next year—an increase of six percentage points since 2023.
Chris Dimitriadis, ISACA’s chief global strategy officer, emphasized the need for the industry to tackle these issues of underfunding and understaffing. He stated, “In an increasingly complex threat landscape, overcoming these hurdles is essential. Without strong and skilled teams, the security resilience of entire ecosystems is jeopardized, leaving critical infrastructure vulnerable.”
Skills Gap
Despite the clear demand for cyber security expertise, ISACA’s data indicates that this need remains largely unmet. Nineteen percent of respondents reported having unfilled entry-level positions, while 48% indicated open positions requiring specific experience or cyber-related credentials. Although these figures represent a slight decline from 2023 (down from 22% and 53%, respectively), Dimitriadis noted that attracting the right candidates remains a significant challenge.
Regarding the skills that are in most need, 52% of respondents pointed to a shortage of soft skills among cyber security professionals. As practitioners increasingly engage with non-technical stakeholders—such as communicating with leadership during crises or leading employees through security training—soft skills have become crucial. Communication topped the list of necessary soft skills, followed by problem-solving and critical thinking.
Dimitriadis remarked, “The cyber security industry will greatly benefit from a diverse workforce with a variety of skills, experiences, and perspectives. This diversity is crucial for closing the skills gap. Once talent enters the industry, businesses can provide on-the-job training and opportunities for cyber certifications and qualifications.”
Mike Mellor, vice president of security engineering at Adobe, underscored the importance of secure authentication methods amidst the rising frequency and sophistication of cyber attacks. “Adobe believes that nurturing a robust security culture among all employees through anti-phishing training, alongside implementing stronger controls like zero-trust networks with phishing-resistant authentication, is vital for safeguarding any organization.”