Cybersecurity experts are calling for the shortage of tech talent, particularly in cybersecurity, to be made a priority as threats to businesses have never been higher while the EU is trying to gear up.
The threat of tech skills shortage is looming large within the European Union. In France alone, more than 15,000 cybersecurity expert positions are open but not filled, according to a recent study by consulting firm Wavestone.
This “HR issue” is “what is going to limit us in the years to come”, Guillaume Poupard, head of the French cybersecurity agency (ANSSI), told an International Cybersecurity Forum (FIC) being held this week in Lille.
This concern is shared by many cybersecurity experts.
“It’s like there are fires, but there are no more firemen,” Michel Van Den Berghe, president of the Campus Cyber in Paris, told EURACTIV, saying he was “very worried” about the situation.
The Campus Cyber opened its doors in February as part of the French national strategy to accelerate the industry. It aims to become an innovation hotspot to improve the country’s resilience and bridge the gap between the administration, private companies and schools.
In order to address this shortage, the European executive put forward in September 2021 the “Path to Digital Decade”. This initiative aims, among other digital targets, to ensure that the EU27 should be able to rely on 20 million ICT workers by 2030. The leading committee in the European Parliament adopted its position on the strategy on 17 May.
“We can enlarge the digital single market for market access for businesses. But if we do not have the right people, none of this is going to materialise”, European Commission Vice-President Margrethe Vestager told EURACTIV in Lille.
“Everything has changed”
“Until recently, everyone thought cyberattacks were dangerous and didn’t feel concerned”, said the Campus Cyber president adding that “at first, cyber was all about espionage and information harvesting, but with ransomware, everything has changed”.
Indeed, while the accelerated digitalisation of our societies in the COVID-19 era has given rise to an explosion of cyberattacks, it is above all ransomware that has taken advantage of it. Ransomware is a type of malicious software designed to block access to a system until a sum of money, the ransom, is paid.
In 2021, the French data watchdog (CNIL) got 5,037 notifications of personal data breaches – about 14 notifications per day – a 79% increase compared to 2020. 58% of them came from a ransomware attack, which saw a 128% increase compared to the previous year.
And no one is safe. Attacks focused on SMEs (43%) and very small enterprises (26%), as they are “less well-armed than large companies in the face of this threat”, the CNIL explained.
Unsurprisingly, energy companies have become a prime target for hackers, while they are particularly vulnerable because of the geopolitical situation.
Since the start of the year, there has been an increase of 138% in the number of ransomware attack victims among them compared to the whole of 2021, according to a study conducted by the French startup ANOZR WAY, which specialises in data analysis in the face of cyber risk.
The startup also estimates that the cumulative loss of turnover for French companies between January and April alone is €660 million.
“One figure sends a chill down my spine: Two-thirds of companies and SMEs that have been attacked and have not paid the ransom have gone bankrupt,” Van Der Berghe pointed out, calling for more awareness-raising among private-sector players to educate them about good digital hygiene and the recourses they have in the event of a threat.
For the experts, in order to catch up and anticipate threats that are expected to increase in the future, the priority is to dust off the cybersecurity careers to make them more attractive.
“I think it’s really important that we communicate that digital skills are so much more than sort of the old school idea about a man in a black t-shirt in a cellar with a lot of Coca-Cola,” said Vestager.
“It’s a meaningful job, it’s very well paid, but young people still think of pimply guys in hoods”, echoed Van Den Berghe, praising the partnership the Campus Cyber has stricken with the Education ministry in France to promote the industry at the earliest time possible.
It is also about promoting the great diversity of professions.
Vestager added: “There are many more talents needed than being able to code. They need salespeople, they need marketing, they need people to work on changing that organisational culture, and sometimes also their business models.”.
Finally, as cybersecurity is constantly evolving, continuous training is particularly important.
Private companies are also taking up the issue. Microsoft announced last week the launch of a “Cybersecurity Skills Plan” to address the shortage of professionals in France.
The company has created an educational kit to raise awareness among high school students, forged additional partnerships with engineering schools, developed training for people already in work, and plans to open a school to train job seekers.
“With this nationwide training plan, our ambition is to train 10,000 new cybersecurity professionals by 2025,” said the president of Microsoft France, Corine de Bilbao.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]