A new report from the Sans Institute reveals that nearly 50% of European organizations are influenced by regulatory directives in shaping their cybersecurity hiring practices, positioning the region ahead in addressing the cybersecurity talent gap. For the first time, 52% of global organizations cite “not having the right staff” as their main concern, surpassing “not having enough staff” (48%).
Helen Patton, cybersecurity leader at Cisco, emphasized that the issue is not a talent shortage but finding people with the right skill sets. Europe’s regulatory frameworks, like NIS II and DORA, are accelerating the adoption of competency-based hiring strategies, with Europe leading in areas like GDPR.
The research highlights a growing focus on hiring for character traits, such as work ethic and aptitude, over technical experience. Sean Mason of United Airlines noted that this approach has helped the company achieve better talent retention by prioritizing qualities like intellectual curiosity.
With this shift, roles are increasingly accessible to individuals from diverse backgrounds, not just technical fields. The importance of certifications is also rising, with 65% of European organizations requiring them for client-facing roles and 58% using them for internal promotions.
Europe faces a critical shortage of cybersecurity professionals, with over 300,000 unfilled positions. Enisa’s European Cybersecurity Skills Framework (ECSF) is helping address this gap. The report shows a shift in hiring priorities, with technical capability now ranking higher than work experience, and certification validation becoming more important.
This shift to skills-based hiring also highlights a disconnect between HR and cybersecurity teams that must be addressed for success.
