Cybersecurity Practical Skills Gaps in Europe: Market Demand and Analyses

The recent study of the CyberSecPro European innovation project confirms the cybersecurity practical skills gaps in Europe [1]. CyberSecPro aims to bridge the gap between degrees, working-life and marketable cybersecurity skill sets necessary in the digitalization efforts and become the best practice for all cybersecurity training programs. University of Novi Sad is one of the project partners within consortia of the seventeen (17) higher education institutions and thirteen (13) security companies who propose the agile CyberSecPro professional cybersecurity practical and hands-on training program that will complement, support and advance the existing academic programs by linking innovation, research, industry, academia and SME support [2]. The project is funded by the EU Digital Europe Program.

The cybersecurity industry faces increasing challenges with the growing number and complexity of cyber threats. To address these challenges, a skilled and competent cybersecurity workforce is required. Understanding the industry’s specific needs can help inform education and training programmes, recruitment and retention strategies, and workforce development initiatives. In order to assess and determine the cybersecurity knowledge areas and skills demanded in the labour market and the key sectors of energy, maritime and health, a survey was conducted as one activity of CyberSecPro project. The survey was distributed to EU partners in the CyberSecPro consortium to further distribute to their respective networks. The survey aimed to identify the hands-on skills and competencies needed in the cybersecurity industry, focusing on the health, energy, and maritime sectors.

A total of 243 participated in the survey. The results show that 23 % of respondents worked at large organisations, 2.9 % were professional practitioners, 8.6 % worked for government organisations, 35.4 % worked at a university or research institute, and 27.6 % were in small and medium-sized enterprises (SMEs). Sector-wise, participants were distributed as follows: 54.7 % Digital-ICT, 8.2 % maritime, 6.2 % healthcare, 4.5 % energy sector, and 26.3 % miscellaneous.

Figure 1. Respondent’s Types of the Organisation

The first part of the survey asked respondents to select the professional profiles that are most needed in their organization/company from a list of options. The most in-demand job role was Chief Information Security Officer (45 %), followed by Cybersecurity Educator (39 %), Cybersecurity Architect (38 %), Cybersecurity Researcher (34 %), Cyber Legal, Policy and Compliance Officer (34 %), and Cyber Incident Responder (33 %). Cybersecurity Auditor (20 %) and Digital Forensics Investigator (15 %) were also often selected by the respondents.

Table 1: Cybersecurity Job Roles Needed in the Industry

Job role / Work sectorHealth (14)Energy 
Maritime (20)ICT (130)Other (61)Total 
Chief Information Security Officer88115524106 (45 %)
Cybersecurity Educator626591992 (39 %)
Cybersecurity Architect266571889 (38 %)
Cybersecurity Researcher324541881 (34 %)
Cyber Legal, Policy and Compliance Officer738402179 (34 %)
Cyber Incident Responder4510392078 (33 %)
Cybersecurity Implementor554471273 (31 %)
Cybersecurity Risk Manager665332474 (31 %)
Cyber Threat Intelligence Specialist343421567 (29 %)
Penetration Tester (Ethical Hacker)236431367 (29 %)
Cybersecurity Auditor23627947 (20 %)
Digital Forensics Investigator134181036 (15 %)

Next, the survey asked respondents to indicate which cybersecurity knowledge areas are currently most important in their domain. Table 2 presents the most popular knowledge areas as indicated by the respondents.

Table 2: Cybersecurity Knowledge Areas in Demand

Knowledge areas (KA) in demandHealth (69)Energy(55)Maritime (91)ICT (599)Other fields(221)Total (1035)
Cybersecurity Tools5685529103 (10 %)
Cybersecurity Management680492588 (9 %)
Cybersecurity Technologies350522484 (8 %)
Cybersecurity Principles752481981 (8 %)
Emerging Digital Technologies335401465 (6 %)
Ethical Hacking560301354 (5 %)
Offensive Security352251247 (5 %)
Cybersecurity Education and Training41017628 (3 %)
Cybersecurity Regulations10315827 (3 %)
Cyber threat awareness01612524 (2 %)
Incident response21412221 (2 %)
Forensics1109718 (2 %)
Threat intelligence00014418 (2 %)
Communications and Network Security31013017 (2 %)
Cybersecurity for ML and AI11013116 (2 %)
Penetration Testing10111316 (2 %)
Vulnerability Assessment21310016 (2 %)
Cybersecurity Compliance00212115 (1 %)
Risk Assessment0235515 (1 %)
Risk Management3127215 (1 %)
Defensive practitioners0109414 (1 %)
Cybersecurity Management Systems00120113 (1 %)
Cloud Security0108211 (1 %)
Cybersecurity Architecture0017210 (1 %)
Cybersecurity Engineering1162010 (1 %)
Cybersecurity Processes0080210 (1 %)
Data protection and security210519 (1 %)

Finally, the survey asked respondents about the different hands-on skills and skillsets needed for work in cybersecurity. Table 3 presents the most sought-after practical skills identified by the survey responses. Overall, the survey results demonstrated a considerable dispersion of responses across the various categories. However, some skills were reported more than others: The top-reported needed skills were Network security control (4 %), Penetration testing (4 %), and Incident response (4 %). Other highly reported needs included Cloud security (3 %), Risk management (3 %), Education and training skills (3 %), and Risk assessment (3 %).

Table 3: Cybersecurity Hands-on Skills in Demand

Hands-on skills in demandHealth (54)Energy (36)Maritime (53)ICT (420)Other (151)Total (714)
Network security control20122732 (4 %)
Penetration testing10126432 (4 %)
Incident response01318830 (4 %)
Cloud security14113423 (3 %)
Risk management52110523 (3 %)
Education and training skills2118921 (3 %)
Risk assessment12112521 (3 %)
Forensics01116220 (3 %)
Network and system administration02212521 (3 %)
Technical skills00010818 (3 %)
Legal Training10012417 (2 %)
Threat detection20012317 (2 %)
Analysis and Critical thinking10010516 (2 %)
Artificial intelligence (AI)1119416 (2 %)
Cybersecurity architecture00211314 (2 %)
Software security11113117 (2 %)
Programming skills1019414 (2 %)
Compliance02012016 (2 %)
Vulnerability assessment00010414 (2 %)
Communication – teamwork (soft-skills)2225213 (2 %)
Threat understanding / knowledge0036312 (2 %)
Operating Systems0108211 (2 %)
Software Design Skills0008311 (2 %)
Auditing0008210 (1 %)
DevSecOps / DevOps1206110 (1 %)
Management skills0025310 (1 %)
Threat intelligence0009110 (1 %)

From the point of view of the market-elicited knowledge areas and skills, the outcome of the survey implies that most academic programmes are not offering the sufficient workforce supply and knowledge areas demanded by the market. For example, in 2022, the shortage of cybersecurity professionals in the EU ranged between 260,000 and 500,000, while the EU’s cybersecurity workforce needs were estimated at 883,000 professionals. In addition, women only amounted to 20% of cybersecurity graduates and to 19% of information and communications technology specialists [4]. We identified knowledge areas and skills that require more focus by EU academic programmes to help with new cybersecurity workforce and existing workforce’s skilling, upskilling and reskilling. The results also suggest a significant gap in essential cybersecurity skills. 

Based on the results, the following recommendations are proffered to address the cybersecurity skills gap:

  • Boost the transformation of higher education programmes to address market demand and increase investment in cybersecurity education and training.
  • Encourage effective dissemination and implementation of the European Cybersecurity Skills Framework (ECSF) [5] and consolidate the cybersecurity workforce training programme.
  • Encourage collaboration between educators and industry experts for cybersecurity skilling, upskilling and reskilling of educators/trainers and professionals.
  • Promote collaboration between academia, industry, government, and other stakeholder in developing cybersecurity talent and workforce.

We hope that the results of this survey will provide valuable insights for industry professionals, policymakers, and educators regarding the skills and competencies needed in the cybersecurity workforce. In addition, they will help to inform strategies for developing a more skilled and competent workforce.


Danijela Boberic Krsticev, University of Novi Sad, authored this blog contribution. The research conducted in this paper was triggered by the project ‘Collaborative, Multi-modal and Agile Professional Cybersecurity Training Program for a Skilled Workforce In the European Digital Single Market and Industries’ (CyberSecPro) project. This project has received funding from the European Union’s Digital Europe Programme (DEP) programme under grant agreement No 101083594. Special thanks to the partners of these projects and their contributions. The sole responsibility for the content of this paper lies with the authors. The authors are grateful for the financial support of these projects that have received funding. The views expressed in this paper represent only the views of the authors and not of the European Commission or the partners in the above-mentioned projects.

Sources of the information / References:

  1. Rathod, P., Ofem, P., Polemi, N., Hynninen, T., Lugo, R. G., Alcaraz, C., Kioskli, K., & Rannenberg, K. (2023). Cybersecurity practical skills gaps in Europe: Market demand and analysis. CyberSecPro-Digital Europe Programme. Retrieved from
  2. CyberSecPro-Digital Europe Programme Project. (2023). Retrieved from
  3. The Digital Europe Programme. (2022). Retrieved from
  4. Cybersecurity Skills Academy: a coordinated approach to boost the EU cyber workforce. (2023). Retrieved from
  5. European Cybersecurity Skills Framework (ECSF) – ENISA. (2023). Retrieved from
%d bloggers like this: