A cyber security skills crisis is forcing most organisations across EMEA (Europe, Middle East and Africa) to take risky short-cuts and temporary fixes to meet security demands, according to a study. According to the tech company Insight Enterprises, in the UK, the problem is equally acute. In the UK, most, 67 per cent of organisations report a cybersecurity skills shortage, with over half (56pc) describing the impact as “severe” or “significant.” The shortage is hitting hardest at the senior level, where half cite gaps in strategic skills such as governance, planning, and risk assessment.
Only 24pc of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. These shortages are delaying key initiatives (57pc) and leaving more than half (57pc) struggling to meet compliance requirements.
The study points to barriers to closing the skills gap in EMEA: 68 per cent of IT leaders cite the high cost of hiring and training as a major barrier; and 65pc point to a lack of qualified candidates in the market
The study suggests that the issue runs deeper than recruitment, as the cyber skills gap is not confined to technical roles; it spans operations, leadership, and compliance functions. This shortage is undermining both day-to-day resilience and long-term strategic planning.
Adrian Gregory, EMEA President at Insight, says: “The answer isn’t simply more hires or more tools. What’s needed is a fundamental shift in how organisations think about security, from reactive defence to proactive design.”
A 2025 Cybersecurity Hiring Trends Report released in June by the US-based cyber association ISC2 found when evaluating candidates, managers prioritise those with hands-on IT experience or cybersecurity certifications over those with education in IT, cybersecurity and computer science that lack professional experience.
Meanwhile as featured in the September edition of Professional Security Magazine, a paper by Dr Ismini Vasileiou, Director, East Midlands Cyber Security Cluster (EMCSC), Co-Chair, UK Cyber Cluster Collaboration (UKC3), and Associate Professor at De Montfort University, called for a new cyber skills ‘taxonomy‘. She said of the UK’s chronic shortage of cyber professionals: “There’s currently a mismatch between Government industrial ambition and educational reality. We won’t secure a 21st Century digital economy with a 20th Century skills pipeline. This is emerging as a critical situation for SMEs, which are the backbone of the UK economy but which are increasingly exposed as they race to meet modern digital expectations and standards.”
Visit insight.com.
