Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breaches
Chronic cyber skills shortages mean many businesses are implementing quick fixes
Most European organizations are taking dangerous risks when it comes to security, largely due to a chronic shortage of relevant cyber skills.
According to new research from Insight Enterprises, the skills crisis is forcing 64% of organizations across EMEA to take risky shortcuts and implement temporary fixes to meet security demands.
"Legacy approaches to cybersecurity are being stretched beyond their limits,” researchers said.
“Teams working in silos, with fragmented tools and limited support, are being asked to manage rapidly expanding attack surfaces, secure hybrid infrastructures, and keep pace with the accelerating adoption of AI technologies — all while navigating increasing regulatory demands and growing pressure on budgets.”
The result, researchers said, is a “mounting disconnect” between what enterprises need from cybersecurity, and what current models can deliver.
A concerning portion of businesses employ workarounds or short-term fixes, but researchers warned they come at a huge cost.
“Organizations that can’t keep up with security demands risk not just higher exposure to breaches, but slower innovation, reduced resilience, and missed growth opportunities,” the study noted.
Cyber skills shortages are hurting UK businesses
In the UK, the skills crisis is particularly acute, with researchers finding 67% of enterprises reported a significant talent shortage. More than half (56%) described their talent shortage as ‘severe’ or ‘significant’.
Notably, the biggest problem is at the senior level, with 50% citing gaps in strategic skills such as governance, planning, and risk assessment.
As a result, only 24% of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. This is has led 57% to delay key initiatives, with the same number struggling to meet compliance requirements.
Cyber skills go beyond technical know-how
Crucially, the study from Insight noted the cyber skills gap isn't just confined to technical roles. Indeed, this issue spans operations, leadership, and compliance functions, undermining both day-to-day resilience and long-term strategic planning.
The biggest barrier to filling the skills gap is the high cost of hiring and training, an issue cited by 68% of respondents, followed by a lack of qualified candidates in the market, at 65%.
Researchers said that while complete replacement of human workers is unrealistic, cultivating leaders who can orchestrate better human-machine collaboration could be a workaround.
The ability for leaders to translate technical risk into business impact and embed security within day-to-day business processes is crucial.
“The organizations that will lead in the next era are those that align strategic talent with intelligent technology and trusted partnerships,” said Adrian Gregory, EMEA president at Insight. "It’s this blend that builds the resilience required to grow, adapt, and stay ahead.”
There is hope for the future, the study noted. Most leaders are confident that AI can revolutionize organizational workflows and 60% expect the cybersecurity skills gap to improve over the next year - although a quarter expect it to get worse.
Meanwhile, training and retention schemes for promising junior staff will be an important strategy for creating a skilled pipeline for mid- and senior-level roles.
“The skills crisis may have started this conversation, but the strategy crisis is what will define its outcome," said Rob O’Connor, Insight's chief information security officer for EMEA.
"Organizations that treat cybersecurity as a strategic business discipline — not a bolt-on IT function — will be the ones who thrive.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to choose the best cybersecurity vendor for your business
- Best online cybersecurity courses
- Cybersecurity certification vs degree: Which is best for your career?
-
AWS CEO Matt Garman isn’t convinced AI spells the end of the software industryNews Software stocks have taken a beating in recent weeks, but AWS CEO Matt Garman has joined Nvidia's Jensen Huang and Databricks CEO Ali Ghodsi in pouring cold water on the AI-fueled hysteria.
-
Deepfake business risks are growingIn-depth As the risk of being targeted by deepfakes increases, what should businesses be looking out for?
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
