Although the field of cybersecurity has expanded exponentially over the past decade, the fact that the workforce in the field has not increased adequately has now become obvious. The number of skilled and qualified workers is not enough to meet the demand, and national labour markets are disrupted worldwide, Europe included, as a consequence.
The ENISA report takes a look into data gathered by the Cybersecurity Higher Education Database – CyberHEAD in order to make a prediction on the future trends.
Key findings reveal that the number of programmes and students engaged in cybersecurity higher education are growing. As a consequence, the number of graduates in the next 2-3 years is expected to double. However, gender balance is still an issue with only 20% of female students enrolled.
The report also deep-dives into the policies and approaches adopted by Member States, classifying them according to ENISA National Capabilities Assessment Framework (NCAF). The framework encompasses awareness, training, challenges and exercises. It includes the list of actions taken around Europe, not only to increase the cybersecurity workforce, but also to increase the quality of candidates and equip them with such skills needed and requested the highest in demand on the job market.
Recommendations in a nutshell
In order to mitigate the cybersecurity skills gap, recommendations are:
- Increase enrolments and eventually graduates in cybersecurity programmes through the diversification of curriculum, education format and the provision of scholarships in Higher Education Institutions (HEIs).
- Support a unified approach across government, industry and HEIs through the adoption of a common framework regarding cybersecurity roles, competencies, skills and knowledge, such as the European Cybersecurity Skills Framework and the promotion of cybersecurity skills, challenges and competitions.
- Develop synergies among Member states cybersecurity initiatives with the support of European bodies and EU funded projects.
- Promote analysis on the cybersecurity market needs and trends through the identification of metrics to assess the extent of the problem and devise the possible measures to tackle it.
- Support the use and promotion of CyberHEAD in order to facilitate the ongoing understanding of the status of cybersecurity higher education programmes in the EU, monitor trends, follow progress and effectiveness of cybersecurity initiatives.
- Member States and European Institutions interested in cybersecurity skills and the role that Higher Education has to play
- EU Higher Education Institutions (HEIs)
- Business and industry
- Researchers and the academic community.
Other ENISA activities on education and cybersecurity skills development
ENISA engages in a number of actions to support and strengthen the enhancement of cybersecurity skills and competence across sectors and at all levels, from the non-experts to the highly technically skilled professionals.
The purpose of such actions is to align with the EU’s Digital Education Action Plan. To this end, ENISA promotes and analyses cybersecurity higher education in the EU in order to respond to the current shortfall in the cybersecurity workforce.
- The structured approach of the ad-hoc working group on skills framework which soon will deliver a framework able to harmonize cybersecurity education, training, and workforce development and concepts
- Cybersecurity Higher Education Database – CyberHEAD
- European Cybersecurity Challenge (ECSC)
- Awareness campaigns such as the European Cybersecurity Month (ECSM)
- The ad-hoc working group on Awareness Raising for stakeholders of the community to brainstorm and develop ideas and solutions to raise the common level of cybersecurity hygiene and awareness in the effort to change behaviours securing the EU digital market.