Skills shortage exposed by new EU cyber-security regulations
The ongoing threat of cyber-attack and the implementation of new European regulations have exposed a worrying skills gap, with businesses struggling to recruit staff who can improve cyber defences.
According to the European Commission, the annual cost of cybercrime to the global economy is estimated to have reached €5.5 trillion by the end of 2020.
In November 2022, the European Parliament updated EU law to bolster investment in strong cybersecurity for essential services and critical infrastructure and strengthen EU-wide rules. The revised Networks and Information Security Directive (NIS2) and the Cyber Resilience Act will set security standards for connected devices.
Industry experts Gartner predict that: “By 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.”
The current problems faced by companies wanting to bolster their cyber defence capabilities are highlighted by cybersecurity company Fortinet in its 2023 Cybersecurity Skills Gap Global Research Report.
Their findings indicate “that organisations are fighting an uphill battle against cyberthreat—incurring more breaches, in need of skilled professionals, and continuing to struggle to fill key positions.”
The report showed that:
· The number of organisations confirming five or more breaches jumped by 53% between 2021 and 2022.
· 48% suffered breaches in the past 12 months that cost more than $1 million to remediate, up from 38% in 2021.
· 90% of leaders prefer to hire people with technology-focused certifications, up from 81% in 2021.
· 90% would pay for an employee to get a cybersecurity certification.
With the financial sector dependent on software and digital processes, the Digital Operational Resilience Act (DORA) is designed to ensure the EU's financial sector is more resilient to severe operational disruptions and cyber-attacks.
The new rules will apply to all companies providing financial services, such as banks, payment providers, electronic money providers, investment firms and crypto-asset service providers, as well as to critical ICT third-party service providers.
Hans-Wilhelm Dünn, President of the Cyber Security Council Germany, believes action needs to be taken now to deal with the problem and told EURACTIV: “The already existing shortage of skilled workers will increase in the future – not only due to the rightly increasing regulatory requirements, especially in the area of critical infrastructures, but above all due to an increase in the threat situation in cyberspace.”
The skills shortage last year saw Microsoft announce a global expansion of their cybersecurity skills initiative to 23 additional countries, including 12 in Europe: Belgium, Denmark, France, Germany, Ireland, Italy, Norway, Poland, Romania, Sweden, Switzerland, and the United Kingdom.
Despite schemes of that kind, the European Cybersecurity Organisation’s (ECSO) Secretary General, Luigi Rebuffi, told EURACTIV: “Cybersecurity experts in Europe are difficult to find and difficult to retain. The competition for talent is global and large companies with big budgets can afford the best people in this tight market.”
Businesses wanting to avoid the risks to their balance sheet and reputation should contact a specialist Cyber Insurance Broker to procure a Specialist Broad Form Cyber Insurance Policy. We highly encourage these policies, which avoid ambiguity over coverage and secure protection and relevant cover, as well as pre-event cyber risk management together with claims management support.