Most European organizations are taking dangerous risks when it comes to security, largely due to a chronic shortage of relevant cyber skills.
According to new research from Insight Enterprises, the skills crisis is forcing 64% of organizations across EMEA to take risky shortcuts and implement temporary fixes to meet security demands.
"Legacy approaches to cybersecurity are being stretched beyond their limits,” researchers said.
“Teams working in silos, with fragmented tools and limited support, are being asked to manage rapidly expanding attack surfaces, secure hybrid infrastructures, and keep pace with the accelerating adoption of AI technologies — all while navigating increasing regulatory demands and growing pressure on budgets.”
The result, researchers said, is a “mounting disconnect” between what enterprises need from cybersecurity, and what current models can deliver.
A concerning portion of businesses employ workarounds or short-term fixes, but researchers warned they come at a huge cost.
“Organizations that can’t keep up with security demands risk not just higher exposure to breaches, but slower innovation, reduced resilience, and missed growth opportunities,” the study noted.
Cyber skills shortages are hurting UK businesses
In the UK, the skills crisis is particularly acute, with researchers finding 67% of enterprises reported a significant talent shortage. More than half (56%) described their talent shortage as ‘severe’ or ‘significant’.
Notably, the biggest problem is at the senior level, with 50% citing gaps in strategic skills such as governance, planning, and risk assessment.
As a result, only 24% of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. This is has led 57% to delay key initiatives, with the same number struggling to meet compliance requirements.
Cyber skills go beyond technical know-how
Crucially, the study from Insight noted the cyber skills gap isn't just confined to technical roles. Indeed, this issue spans operations, leadership, and compliance functions, undermining both day-to-day resilience and long-term strategic planning.
The biggest barrier to filling the skills gap is the high cost of hiring and training, an issue cited by 68% of respondents, followed by a lack of qualified candidates in the market, at 65%.
Researchers said that while complete replacement of human workers is unrealistic, cultivating leaders who can orchestrate better human-machine collaboration could be a workaround.
The ability for leaders to translate technical risk into business impact and embed security within day-to-day business processes is crucial.
“The organizations that will lead in the next era are those that align strategic talent with intelligent technology and trusted partnerships,” said Adrian Gregory, EMEA president at Insight. "It’s this blend that builds the resilience required to grow, adapt, and stay ahead.”
There is hope for the future, the study noted. Most leaders are confident that AI can revolutionize organizational workflows and 60% expect the cybersecurity skills gap to improve over the next year - although a quarter expect it to get worse.
Meanwhile, training and retention schemes for promising junior staff will be an important strategy for creating a skilled pipeline for mid- and senior-level roles.
“The skills crisis may have started this conversation, but the strategy crisis is what will define its outcome," said Rob O’Connor, Insight's chief information security officer for EMEA.
"Organizations that treat cybersecurity as a strategic business discipline — not a bolt-on IT function — will be the ones who thrive.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- How to choose the best cybersecurity vendor for your business
- Best online cybersecurity courses
- Cybersecurity certification vs degree: Which is best for your career?
-
More transparency needed on sprawling data center projects, activists claimNews Activists call for governments to be held accountable when data centers are pushed through without proper consultation
-
Red Hat eyes tighter data controls with sovereign support for EU customersNews The company's new offering will see support delivered entirely by EU citizens in the region
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
