A cybersecurity skills crisis is growing and forcing some to take risky shortcuts and temporary fixes to meet security demands. That’s according to new research from Insight Enterprises. In the UK, the problem is equally acute. Some 67 per cent of organisations report a cyber security skills shortage, with over half (56pc) describing the impact as “severe” or “significant.” The shortage is hitting hardest at the senior level, with half of those surveyed citing gaps in strategic skills such as governance, planning, and risk assessment.
Only 24pc of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. These shortages are delaying key initiatives (so say 57pc) and leaving more than half (57pc) struggling to meet compliance requirements. The study suggests that top barriers to closing the skills gap in EMEA are:
· 68pc of IT leaders cite the high cost of hiring and training as a major barrier
· 65pc point to a lack of qualified candidates in the market.
The study suggests that the issue runs deeper than recruitment, as the research showing that the cyber skills gap is not confined to technical roles; it spans operations, leadership, and compliance functions. This shortage is undermining both day-to-day resilience and long-term strategic planning.
As for long-term growth and resilience, the answer isn’t simply more hires or more tools, said Adrian Gregory, EMEA President at Insight. He said: “What’s needed is a fundamental shift in how organisations think about security, from reactive defence to proactive design. That shift starts with leadership. Closing the cyber skills gap means cultivating leaders who can orchestrate human–machine collaboration, translate technical risk into business impact, and embed security into the fabric of innovation.
“The organisations that will lead in the next era are those that align strategic talent with intelligent technology and trusted partnerships. It’s this blend that builds the resilience required to grow, adapt, and stay ahead.”
High-profile attacks
Meanwhile the Chartered Institute of Information Security (CIISec) points to recent high-profile cyber attacks on British institutions such as Jaguar Land Rover, Co-op and Transport for London (TfL) that have caused prolonged disruption, financial loss and shaken public trust. The UK Government recently published its Assessment of Priority Skills to 2030 report, mapping projected employment needs across 10 critical sectors, including engineering, life sciences, and financial services. While the report rightly highlights the urgency of developing future-ready skills in areas such as AI and digital technologies, the complete absence of cybersecurity is a glaring omission, CIISec adds.
