Skip to main content
Kent Academic Repository

Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education

Nurse, Jason R. C., Adamos, Konstantinos, Grammatopoulos, Athanasios, Di Franco, Fabio (2021) Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education. Report number: 10.2824/033355. European Union Agency for Cybersecurity (ENISA) (doi:10.2824/033355) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:91977)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of ENISA_Report-Addressing_Skills_Shortage_And_Gap_Through_Higher_Education.pdf]
Official URL:


The cybersecurity skills shortage and gap are well-documented issues that are currently having an impact on national labour markets worldwide. While various initiatives related to cybersecurity skills have been proposed and multiple actions have been launched to address the problems, the shortage and gap persist. ENISA has a long tradition of studies and programmes that have attempted to mitigate similar cybersecurity issues. In an effort to increase the EU’s future cybersecurity workforce and ensure the availability of appropriately trained professionals, ENISA has investigated the problem further.

In this report, ENISA contributes to both practice and research on the cybersecurity skills shortage and gap in two distinctive areas. Firstly, it provides an overview of the current supply of cybersecurity skills in Europe through an analysis of data gathered and generated by the recently established Cybersecurity Higher Education Database (CyberHEAD). Secondly, it describes the policy approaches adopted by EU Member States in their quest to increase and sustain their national cybersecurity workforces. These approaches have been classified and analysed based on objectives defined by ENISA’s National Capabilities Assessment Framework (NCAF), namely cybersecurity awareness, training, challenges and exercises. Here we note that this report focuses on the role of the higher education sector in addressing the EU cybersecurity skills shortage and gap, and therefore vocational or lower forms of education in cybersecurity related topics are not considered as core parts of this study.

Based on the data collected and analysed under the two areas mentioned above, this report makes five recommendations to address the EU cybersecurity skills shortage and gap:

- Increase enrolments and eventually graduates in cybersecurity programmes through:

-- the diversification of the Higher Educational Institutes’ (HEIs) curricula in terms of content, levels and language.

-- the provision of scholarships, especially for underrepresented groups, and more active efforts to promote cybersecurity as a diverse field.

- Support a unified approach across government, industry and HEIs through:

-- the adoption of a common framework regarding cybersecurity roles, competencies, skills and knowledge, for example, the one provided by the European Cybersecurity Skills Framework.

-- the promotion of challenges and competitions in cybersecurity skills.

- Increase collaborations between Member States in:

-- launching European cybersecurity initiatives with shared objectives.

-- sharing of the outputs of programmes (including results and lessons learnt).

- Promote analysis of the cybersecurity market needs and trends through:

-- the identification of metrics showing the extent of the problem and possible measures to cope with it.

- Support the promotion of CyberHEAD (and its further evolution) in order to:

-- facilitate an ongoing understanding of the status of cybersecurity higher education programmes in the EU.

-- monitor trends regarding the number of cybersecurity graduates who could potentially fill current vacancies in the sector.

-- support the analysis of demographics (including the diversity) of new students and graduates in cybersecurity.

-- assist in monitoring the effectiveness of cybersecurity initiatives targeting the supply side (e.g. changes in enrolments in HEI programmes after the release of new cybersecurity initiatives).

-- demonstrate the value of CyberHEAD for HEIs as well as incentivise HEIs to submit their programmes to CyberHEAD.

Item Type: Research report (external)
DOI/Identification number: 10.2824/033355
Uncontrolled keywords: cybersecurity skills, higher education, skills shortage, skills gap, information security, diversity, europe, EU, UK
Subjects: H Social Sciences
Q Science > QA Mathematics (inc Computing science)
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Jason Nurse
Date Deposited: 03 Dec 2021 12:14 UTC
Last Modified: 19 Nov 2022 22:42 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.