During the ONE Conference in The Hague, new research results about the European cybersecurity labour and education market were presented. The study mapped existing training and education provision against future labour market needs and identified competence gaps across several EU countries. The aim is to contribute to a unified European framework for action in cybersecurity skills development to address the shortage of cybersecurity expertise in Europe. The combination of 8 different methods combining quantitative and qualitative data for gap analysis and learning objectives definition is unique. The research, led by Security Delta (HSD), is part of the European CADMUS project.
The research identified competence gaps in the Dutch, Greek, Croation and Cypriot labour markets, and weighed in labour market analysis from Lithuania, Spain, Estonia, Slovenia, Hungary and Belgium. The analysis shows a big demand for the following competences: Education & Training Provision, Personnel Development, Problem Management, Information Security Strategy Development, and Risk Management. For these competences, the expected demand exceeds the current supply of educational offerings.
As more sectors start to worry about their security, cybersecurity strategy development and risk management are the first requirements that will grow. With the reported and growing talent shortage, challenges also lie in developing personnel and education & training provisioning to grow the cybersecurity teams.
Level-specific approach
When breaking down the data by proficiency level, we observe that Systems Management, Testing, and Quality Management & Compliance also rank among the most significant gaps. This data highlights the necessity of taking a level-specific approach when determining where to invest in new educational offerings. More technical and quality-related competences are added to the list of gaps this way. When organisations start implementing their newly formed risk management and cybersecurity strategy, the need for testing, system management and quality control will grow.
Mark Ruijsendaal, Programme Director at Security Delta (HSD):” The gaps show that the main priority for new development of training is not necessarily on technical competences, but rather the strategic and business-oriented ones. More technical and quality-related competences are added to the list of gaps when you zoom into the proficiency levels.”
What is next
Building on the research findings, the CADMUS consortium will develop curricula, training platforms and training delivery tailored to the identified skills gaps. The focus will be on the unique challenges and risks faced by Small and Medium-sized Enterprises (SMEs) and the public sector. These challenges stem from the growing complexity and sophistication of cybersecurity threats, the introduction of new standards & regulations (e.g. NIS2, DORA, CRA), and domain-specific developments such as the adoption of cloud and hybrid platforms, as well as the integration of automation and AI in security operations. The public sector as a key domain for cybersecurity training is a differentiator for such a European project.
CADMUS project
The CADMUS consortium, comprised of 7 organisations based in Europe and led by the National Cybersecurity Authority of Greece, has received a 3-year grant to address the cybersecurity expertise shortage in Europe, end of 2024. With this grant of €3.14 million the consortium executes a € 6.3 million programme, co-funded amongst others by the Dutch Ministry of Economic Affairs/RVO and European Commission through the European Health and Digital Executive Agency (HaDEA) as part of the Digital Europe Programme.
The CADMUS consortium partners are the Centrum voor Veiligheid & Digitalisering (CVD) and Security Delta (HSD) from The Netherlands together with the Hellenic National Cybersecurity Authority (NCSA, Greece, coordinator), Computer Technology Institute and Press “Diophantus” (CTI, Greece), Algebra University (AU, Croatia), Digital Security Authority (DSA, Cyprus) and European University Cyprus (EUC, Cyprus). More information: https://cadmus-project.eu.
International ONE Conference in The Hague
The research was first presented by Mark Ruijsendaal from Security Delta (HSD) at the ONE Conference in The Hague, Europe’s prime cybersecurity event. It is a leading platform for sharing knowledge, best practices and research results. The city of The Hague is the International City of Peace. Justice and Security, it plays host to many international tribunals, including the International Court of Justice and the International Criminal Court, as well as hundreds of international organisations, European agencies such as Europol and Eurojust, and NGOs. It is also the hometown of Security Delta (HSD), the Dutch security cluster in which over 300 companies, governmental organisations and knowledge institutions have been working together since 2013 to make a difference in securing our digitising society.
