Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breaches
Chronic cyber skills shortages mean many businesses are implementing quick fixes
Most European organizations are taking dangerous risks when it comes to security, largely due to a chronic shortage of relevant cyber skills.
According to new research from Insight Enterprises, the skills crisis is forcing 64% of organizations across EMEA to take risky shortcuts and implement temporary fixes to meet security demands.
"Legacy approaches to cybersecurity are being stretched beyond their limits,” researchers said.
“Teams working in silos, with fragmented tools and limited support, are being asked to manage rapidly expanding attack surfaces, secure hybrid infrastructures, and keep pace with the accelerating adoption of AI technologies — all while navigating increasing regulatory demands and growing pressure on budgets.”
The result, researchers said, is a “mounting disconnect” between what enterprises need from cybersecurity, and what current models can deliver.
A concerning portion of businesses employ workarounds or short-term fixes, but researchers warned they come at a huge cost.
“Organizations that can’t keep up with security demands risk not just higher exposure to breaches, but slower innovation, reduced resilience, and missed growth opportunities,” the study noted.
Cyber skills shortages are hurting UK businesses
In the UK, the skills crisis is particularly acute, with researchers finding 67% of enterprises reported a significant talent shortage. More than half (56%) described their talent shortage as ‘severe’ or ‘significant’.
Notably, the biggest problem is at the senior level, with 50% citing gaps in strategic skills such as governance, planning, and risk assessment.
As a result, only 24% of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. This is has led 57% to delay key initiatives, with the same number struggling to meet compliance requirements.
Cyber skills go beyond technical know-how
Crucially, the study from Insight noted the cyber skills gap isn't just confined to technical roles. Indeed, this issue spans operations, leadership, and compliance functions, undermining both day-to-day resilience and long-term strategic planning.
The biggest barrier to filling the skills gap is the high cost of hiring and training, an issue cited by 68% of respondents, followed by a lack of qualified candidates in the market, at 65%.
Researchers said that while complete replacement of human workers is unrealistic, cultivating leaders who can orchestrate better human-machine collaboration could be a workaround.
The ability for leaders to translate technical risk into business impact and embed security within day-to-day business processes is crucial.
“The organizations that will lead in the next era are those that align strategic talent with intelligent technology and trusted partnerships,” said Adrian Gregory, EMEA president at Insight. "It’s this blend that builds the resilience required to grow, adapt, and stay ahead.”
There is hope for the future, the study noted. Most leaders are confident that AI can revolutionize organizational workflows and 60% expect the cybersecurity skills gap to improve over the next year - although a quarter expect it to get worse.
Meanwhile, training and retention schemes for promising junior staff will be an important strategy for creating a skilled pipeline for mid- and senior-level roles.
“The skills crisis may have started this conversation, but the strategy crisis is what will define its outcome," said Rob O’Connor, Insight's chief information security officer for EMEA.
"Organizations that treat cybersecurity as a strategic business discipline — not a bolt-on IT function — will be the ones who thrive.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to choose the best cybersecurity vendor for your business
- Best online cybersecurity courses
- Cybersecurity certification vs degree: Which is best for your career?
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
