Our website uses cookies to create a better user experience. To optimize the website we ask that you accept the cookies:

I agree I disagree
2021 2022 2023


The EU aims to train hundreds of thousands of people to address the cyber skills gap

The European Union’s complex, rapidly changing legislative framework, with the implementation of the NIS II Directive, the Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA), creates a growing need for new workforces in the cyber security field. Despina Spanou, Head of Cabinet of Margaritis Schinas, Vice-President of the European Commission who oversees the EU’s security policies, outlines the underlying problems that make the cyber skills gap even more challenging.

Despina Spanou

Head of Cabinet of Margaritis Schinas, Vice-President of the European Commission

Today, the biggest challenge in the area of cyber security is an atypical skills gap. The sector does not simply suffer from vacancies. “The aggravator is that the cyber sector and the threat landscape are evolving so fast that the people already working in the sector and their skills cannot evolve as quickly as needed. Combining these two, the vacancies and the need for up- and reskilling, makes the sector, the cyber employees and the skills gap very unsteady”, Despina Spanou explains. 

The first challenge is to retain and evolve the current workforces. “The current cyber security professionals are suffering from fatigue, stress and sometimes even burn-outs due to a high workload and crisis management. We need to retain the workforces we have today and keep them relevant. For example, we need to invest in the people already working in the sector to deal with artificial intelligence, which has brought new elements in the threat landscape.” 

Challenge within the challenge 

Next to the challenge of retaining workforces, the sector also needs to attract new talent. “Not enough new people start working in this field of expertise. I have met a lot of young, talented people in international cyber security championships. When I ask them if they want to do this as a job, they politely decline. We need to promote the appeal of the sector, to attract talented people and to convince young graduates who start their education or professional career to orientate themselves towards the cyber sector.” 

As a founding member of the Women4Cyber initiative, Despina also addresses a third challenge, namely not having enough women in the sector. “Cyber security is not the only area that shows this deficit, it occurs in all technical fields and STEM oriented areas. We need to encourage young girls and convince them that this is not a field exclusive to men.” These are the challenges within the challenge for the cyber security sector. 

Beneficial to all 

In April 2023, the European Commission launched the EU Cybersecurity Skills Academy, a platform created to address in a coordinated manner the many challenges related to the cybersecurity skills gap. “A lot of Member States are already trying to unite forces. In Belgium, the Cyber Security Coalition is a great example of the solid cyber ecosystem that has already been built. Members learn from each other and support each other. The Coalition will benefit from using our Academy as an opportunity to offer trainings, education, (re)skilling and to look for work forces that find refuge in this Academy.” 

The Cyber Security Skills Academy was built with the aim of housing all levels of skills education. “It is a one-stop-shop for cyber security training offers, funding opportunities, syllabuses for schools and universities ... Whether you are a young professional seeking to get new skills to enter the field of cyber security, or you are an organisation providing trainings, you can find or pledge training or reskilling opportunities. By bringing everything together, we provide solutions that reduce the skills gap in the short term, the medium term and eventually the long term.” 

Evaluate and improve 

The Academy is currently hosted on the EU Digital Skills and Jobs Platform of the European Commission. “The Commission’s role is temporary. We continue to be part of the management of the Academy, but we involve other actors such as ENISA, the EU Agency for Cybersecurity, and the EU Cybersecurity Competence Centre. It should quickly become a sustainable European infrastructure hosted by EU Member States.” 

Since the launch in April 2023, the initiative received 12 pledges from private companies, training and certifying organisations, and academia that offer training and up- and re-skilling opportunities, etc. All pledges, which have to meet specific criteria to be housed under the Academy, have to be assessed after 6 months in operation, in order to be able to measure their impact and success. “Since most pledges started around the summer, we will know very soon how many people have already engaged in them. We certainly aim to (re)skill thousands of people all over Europe given our current needs”, Despina Spanou concludes.