Policy makers have recently reached trialogue agreements on the NIS 2 Directive and DORA Regulation (Digital Operational Resilience in the Financial Sector Act). Both pieces of legislation are expected to bring into scope a larger number of companies and increase cybersecurity requirements for others. The European Commission is also preparing a proposal for a Cyber Resilience Act, which will seek to establish cybersecurity requirements for connected products and software (embedded and non-embedded). At the same time, public and private organisations are often outmatched by nation-state cyber threat actors, a trend that became more prominent since the Ukraine war.
These efforts to increase cyber resilience in the EU face among other challenges, the lack of skilled professionals in cybersecurity. Recent studies estimate this gap in the EU in 350,000. units in 2022, but, – the number is only likely to increase once new legislation enters into force and new skills for companies and market surveillance authorities will be required. Overall, cybersecurity needs increase faster than the availability of the workforce that is supposed to fill these needs. How should policy makers and the industry approach these issues?
Some companies have adopted a blend of human expertise powered by AI and machine learning (ML) that has the potential to counterbalance the skills shortage. It delivers high quality services to customers by combining highly skilled individuals with insights gained by AI and ML ,leaving more basic cybersecurity tasks to automated processes. Moreover, it is a way to attract and retain talent by providing professionals with an opportunity to do more “soulful” work and automating the more repetitive awork. In addition, the use of open-source software has been fundamental in shortening software development times, something that is necessary to respond to a rapidly changing cybersecurity environment.
Ensuring a high level of cybersecurity in the EU, in view with global competition for a scarce resource (cybersecurity professionals) will be a prerequisite to the success of the current and pending EU cybersecurity legislation.
At this critical juncture, CEPS to deep dive into these issues, is organizing this event on the 29th of June from 10 to 11.30 am with representatives from the European Commission, European Parliament, the private sector and cybersecurity experts from academia and civil society .
Questions for discussion :
- How big is the cybersecurity skills gap and how big is it likely to get once new rules are in place?
- What are the skill needs that the new bulk of legislation the EU is putting in place is calling for both for companies and for market surveillance authorities?
- How to guarantee the rights skills that the combination of safety and security is requiring?
- How can we address the skills gap in cybersecurity; how can we attract and retain talent and use AI and ML to make cybersecurity a more attractive career option?
- How can industry and government partner to improve STEM diversity levels and boost Cyber Skills?
- How can we leverage AI and ML to tackle the cybersecurity challenge whilst freeing up people to focus on the most strategic issues?
- How can we use a hybrid approach to address increasing cybersecurity challenges and provide the highest level of security?
Registration and coffee from 09:30 onwards.
This event is supported by TRELLIX