Skills-Based Hiring: Europe’s Best Defence for Meeting Cybersecurity Skill Needs

Europe’s cybersecurity teams face critical skills needs in AI, cloud security and risk management—challenges that hiring headcount alone can’t fix. Discover why a skills-first approach to hiring is essential to building a more resilient cybersecurity workforce.

For years, the conversation around Europe’s cybersecurity workforce challenges has focused on staffing numbers. The ISC2 2025 Cybersecurity Workforce Survey, released in December 2025, makes one thing clear: while cybersecurity professionals continue to face workforce shortages within their teams, simply adding people is not enough to build resilient cybersecurity teams. Instead, long-term effectiveness depends on ensuring the right skillsets are covered across the team—whether by hiring for specific capabilities or by upskilling and reskilling existing staff to meet evolving security demands.

Technical and nontechnical skills are in short supply, according to the 16,029 cybersecurity practitioners and decision-makers from across the globe who participated in the 2025 study. Nearly a quarter (23%) of respondents said they are grappling with one or more critical skills needs at their organisation, while another 36% are contending with significant skills shortages.

This skills shortage has a direct impact on an organisation’s ability to defend itself against cyber threats. According to the study, 88% of respondents have experienced at least one significant cybersecurity consequence because of a skills deficiency within the team or wider organisation, with 69% experiencing more than one.

What are the most pronounced skills shortages? Respondents cited AI as their most pressing skills need (41%), followed by cloud security (36%). Risk assessment (29%), application security (28%), as well as security engineering and governance, risk and compliance (GRC) (both at 27%), rounded out the top five technical skills needed by security teams.

Solving Cybersecurity Skills Needs Starts at Hiring for Early- and Junior-Level Roles 

Certainly, hiring cybersecurity professionals with specific technical skills in mind is imperative. Just as important, though, are nontechnical skills. And this focus on a holistic skillset must start at the early- and junior-levels of the cybersecurity workforce.

In fact, ISC2’s 2025 Cybersecurity Hiring Trends Report found that cybersecurity hiring managers are looking to both technical capabilities and nontechnical skills to equip teams with the right mix of technical expertise, non-technical competencies, practical experience and recognised professional certifications. According to the survey, hiring managers value nontechnical skills as much as (and even more than, in some cases) technical skills. Three of the top five skills overall most valued during hiring include teamwork, problem-solving and analytical thinking. The ratings vary by country as follows: 

Why a skills-based approach to hiring is essential for staying ahead of evolving threats 

The global shift to skills-based hiring reflects the fact that you can have a full team, but if those professionals lack expertise in areas such cloud security, AI risk management, or data security, your organisation remains vulnerable. 
The EU’s expanding regulatory framework—including NIS2, DORA, CRA, the AI Act, and the future EU Space Act—sets higher bars for incident reporting, operational resilience, secure-by-design principles and AI governance. While each measure is necessary, it also increases the need for specialised expertise and operational capacity in a labour market that’s already stretched.

This backdrop is precisely why ISC2 advocates for a skills-first approach to hiring—one that values verifiable competencies through certifications as well as traditional credentials—while policymakers should support pathways that make these skills accessible to a broader, more inclusive talent pool. 

About the author 

Tara is responsible for leading and driving the growth of ISC2's global advocacy program, charting the future course of the Centre for Cyber Safety and Education advancing member engagement and global market strategies, and leading the association’s diversity, equity and inclusion (DEI) initiatives. She has more than 25 years of experience in non-profit organisations with an emphasis on advocacy and public affairs, global market development and stakeholder engagement, fundraising and philanthropy, and program development.

About the organisation

ISC2 is the world’s leading member organisation for cybersecurity professionals, driven by a vision of a safe and secure cyber world. With over 265,000 certified members, and associates, ISC2 is a force for good that aims to safeguard the way we live. ISC2's award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. ISC2's charitable foundation, the Centre for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more, get involved or become an ISC2 Candidate to build your cyber career. Connect with them on X, Facebook and LinkedIn.