Greece - National Cybersecurity Strategy 2026-2030

The National Cybersecurity Strategy 2026–2030, published by the National Cybersecurity Authority of Greece, establishes the national policy framework, strategic priorities and key directions for the next five years, laying the foundation for a safer and more secure digital environment.

The strategy marks Greece’s transition into a mature phase of national cybersecurity planning. It is based on a systematic analysis of the national, European, and international threat landscape, and leverages modern public policy tools aligned with the European cybersecurity agenda.

Adopting a holistic approach, the strategy focuses on enhancing national cyber resilience, emphasizing knowledge, skills, and meaningful support for both public and private sector stakeholders. Its goal is to create a secure, reliable, and robust digital environment for citizens, businesses, and government institutions between 2026 and 2030.

Skills are the priority for the new Strategy

The Strategy acknowledges that its implementation “requires adequate and skilled human resources” and that the public sector is structurally competing with the private sector for the same talent—a fact that requires a combination of institutional/organizational interventions and continuous investment in education and upskilling. Furthermore, the ENISA Cybersecurity Index 2024 shows a gap in “training, awareness-raising and skills enhancement systems,” which the new Strategy aims to address.

Education, awareness and lifelong learning

The central tool is the National Action Plan on Cybersecurity Education and Awareness, covering all levels – from primary and secondary to tertiary and lifelong learning – for the systematic development of skills and the cultivation of a security culture. The Strategy also integrates citizens/SMEs into the equation, through educational and information material with an emphasis on cyber-hygiene, data protection and the safe use of digital services. At the same time, cooperation with academic and research institutions is encouraged for the continuous transfer of know-how and the co‐development of educational/research activities, so that the modern needs of the market and stakeholders are incorporated into the curricula and workshops.

Training and retraining in the public sector

To strengthen the capacity of the Public Administration, a targeted training and certification program is provided for Information Systems Security Officers with a mentoring mechanism by experienced executives and evaluation/certification procedures in collaboration with the National Center for Public Administration and Local Government (EKDDA).

Specialised training is also provided for DPOs and CISOs through a joint “Cybersecurity & Privacy Compliance” program, with topics such as risk management, Privacy by Design, incident response and compliance documentation – fostering a common language between security and privacy. Operational training is enhanced by seminars, workshops and simulation exercises at national and international level to update practical skills and enhance interoperability between authorities.

Skills development in the wider ecosystem and SMEs

The Strategy aims at systematic skills development and certified training programs for the whole ecosystem – in particular critical infrastructure, public bodies and service providers. A Cyber-Readiness Toolkit (self-assessment, checklists, educational materials) is provided for SMEs, so that security becomes part of their business model and their sustainability/competitiveness is enhanced. At the same time, a study is planned to map skills needs, infrastructure and policies to support SMEs that do not fall within the scope of Law 5160/2024, so that training actions are targeted.

Employment, roles and communities of practice

The Strategy seeks to strengthen and maintain specialised human resources by linking funding to strategic priorities and incentives to invest in cybersecurity. The creation of a National Register of Greek Cybersecurity Researchers and Experts is also envisaged as a mapping, collaboration and networking tool – facilitating the coupling of supply and demand for specialisation and career. In critical compliance/governance roles, the joint DPO‐CISO training upgrades the labour market, as it strengthens skills that cross legal, organisational and technical requirements (NIS2, GDPR), and thus the employability of executives in the public and private sectors.

Law enforcement and societal resilience actions

In the area of cybercrime policing/investigation, specialised training programs (also in cooperation with European mechanisms) as well as simulation exercises are foreseen to understand new forms of crime (e.g. ransomware, deepfakes) and enhance operational readiness. At the same time, prevention / treatment policies are being developed for such phenomena, such as ransomware and deepfakes, accompanied by informative and educational interventions to the general population.

Added value for the National Coalition

The Strategy provides a clear framework on which the National Coalition for Digital Skills and Jobs can contribute as a hub by supporting, communicating and promoting initiatives related to the following specific objectives:

• Continuous education and training of public and private sector staff on cybersecurity.

• Integrate cybersecurity into the training and operational processes of organisations.

• Training actions and prevention measures by the National Cybersecurity Response Authority – National CERT.

• Horizontal development of cybersecurity skills, knowledge and culture.

• Educational and informative material on cyber-hygiene, data protection and the safe use of digital services within the Cyber-readiness Toolbox for Small and Medium-sized Enterprises and the Self-Employed.

• Bridging a Cybersecurity Skills Gap.

• Implementation of a comprehensive cybersecurity training program for public administration executives.

• Implementation of specific reskilling and upskilling programs for Information and Communication Systems Security Officers in public administration bodies.

• Training and skills development programs for specialised cybersecurity staff as a reinforcement through the National Cybersecurity Reserve.

• Developing a national framework for responding to cybersecurity incidents through training tools and simulation exercises at the national and cross-sectoral levels.

• Development and implementation of training programs for law enforcement officers (such as police officers, prosecutors and judges) on cybercrime related issues.

• Creation of a framework for training and certification of Cybersecurity Inspectors in the context of strengthening Cybersecurity Governance.

• Establishment of a framework for the regulation and certification of Cyber Insurance Providers.

• Emphasis on supply chain security in both the Public Administration and the private sector, for example through educational actions to strengthen the relevant capabilities of the actors.