Home Blog Cybersecurity’s Talent Crisis: What the WEF and ENISA Reports Reveal About Europe’s Digital Future

Cybersecurity’s Talent Crisis: What the WEF and ENISA Reports Reveal About Europe’s Digital Future

Posted on April 3, 2025

A new World Economic Forum report is out, and I’ve taken the time to read and analyze it —and discuss the trends that matter most for you.  

If you work in cybersecurity, risk, or compliance, what you’ll read below isn’t just insight—it’s your roadmap. So, let’s dive in!

Global Trends – A World Rewired by Technology

The future of work is no longer on the horizon—it’s unfolding now, and it’s rewriting the rules of employment at every level. The World Economic Forum’s (WEF) “Future of Jobs Report 2025” offers a sweeping, data-rich view of how technology, economics, and societal shifts are converging to reshape the global workforce. And nowhere is this shift more pronounced than in the realm of information technology and cybersecurity. 

A Net Gain… but With a Catch 

WEF projects that by 2030, a net 78 million jobs will be created globally. This growth is fueled largely by investment in technologies like artificial intelligence, machine learning, cloud computing, and data analytics. But the full picture is more complex. 

For every role created, another may disappear. Nearly 44% of workers’ core skills are expected to change in the next five years, according to the WEF. Roles built around repetitive, rule-based tasks—from data entry clerks to manual security testers—are facing accelerated automation. These jobs are not simply evolving—they’re being erased. 

Jobs on the decline include: 

• Data entry clerks, whose roles are increasingly handled by automation 

• Manual firewall administrators, displaced by intelligent security orchestration tools 

• Basic system support roles, as infrastructure shifts to cloud-managed platforms 

Jobs Evolving Faster Than People 

Perhaps more disruptive than extinction is transformation. The WEF emphasizes that many roles will not vanish—but they will demand entirely new skill sets. Workers stuck in yesterday’s capabilities will find themselves outpaced, even if their job title survives. 

For instance: 

• Security analysts are transitioning from monitoring dashboards to AI-driven threat modeling 

• SOC teams are evolving into fusion centers, blending cyber, physical, and AI threat streams 

• Risk and compliance officers now require expertise in AI ethics, data governance, and emerging tech regulations 

The pressure to reskill is immense. WEF reports that six in ten workers will require training before 2027, yet only half currently have access to adequate training opportunities. Organizations that fail to invest in workforce development are likely to fall behind—not just technologically, but competitively. 

Spotlight on Cybersecurity: Rising Demand, Rising Complexity 

Among the fastest-growing job categories identified by the WEF are: 

• AI and machine learning specialists 

• Cybersecurity professionals 

• Information security analysts 

• Digital transformation specialists 

Cybersecurity is booming—but not without complications. As the attack surface expands (through cloud migration, IoT, remote work), the need for sophisticated security strategies grows with it. And this isn’t just about hiring more staff—it’s about reimagining what cybersecurity roles do. 

Emerging roles now include: 

• AI security testers, who simulate attacks on machine learning models 

• AI risk governance specialists, responsible for compliance and transparency in algorithmic decisions 

• Cloud security architects, managing hybrid environments at global scale 

As threat actors evolve—from hacktivists to state-sponsored groups—defense mechanisms must adapt too. The WEF highlights that businesses must embed resilience, trust, and ethical oversight into their digital strategies, making security professionals central to innovation, not just crisis response. 

The Global Shift Is Only the Beginning 

The WEF’s report delivers a clear message: the future workforce must be agile, tech-savvy, and continuously learning. Yet this global vision is only one side of the story. In regions like Europe—particularly within critical sectors such as finance—the gap between demand and capacity is becoming dangerously wide.

Europe’s Cybersecurity Paradox – WEF Optimism Meets ENISA Reality

While the World Economic Forum paints a hopeful vision of digital progress and job creation, a deeper look at Europe’s cybersecurity landscape tells a more sobering tale. This is a continent where demand for skilled professionals is surging—but the workforce is cracking under pressure. Nowhere is this contradiction more pronounced than in the finance sector, where security isn’t just a technical concern—it’s a pillar of public trust and regulatory survival. 

The European View from WEF: Cybersecurity Roles Rising Fast 

According to the WEF’s Future of Jobs Report 2025, Europe is on track to significantly expand its cybersecurity workforce over the coming five years. The region’s ongoing digital transformation—combined with regulatory initiatives like the Digital Decade, GDPR, DORA, and NIS2—means that every organization, especially in finance, must prioritize secure digital operations. 

Jobs in demand include: 

• Information security analysts 

• Chief Information Security Officers (CISOs) 

• Risk and compliance officers 

• Cloud security architects 

• AI governance and data ethics roles 

The WEF suggests that these roles will not only grow but become central to organizational strategy. For example, the CISO is now expected to sit at the executive table, contributing to digital growth plans, board-level risk management, and innovation strategy. 

But here’s where the narrative begins to crack. 

Enter ENISA: A Sector Under Siege 

The ENISA Threat Landscape: Finance Sector (Jan 2023 – Jun 2024) provides a brutal reality check. This first-of-its-kind, sector-specific analysis revealed: 

• 488 publicly reported cybersecurity incidents in 18 months 

• 46% of all attacks targeted European credit institutions (banks) 

• Hacktivists and geopolitical tensions (especially Ukraine) triggered major waves of DDoS attacks 

• Social engineering, data leaks, ransomware, and malware campaigns caused widespread financial and operational damage 

ENISA doesn’t just highlight attacks—it reveals a system straining at its seams. The most disturbing trend? A crippling shortage of qualified professionals, worsened by chronic stress and burnout. 

WEF vs ENISA: The Talent Crisis in Plain View 

Where WEF sees career opportunity, ENISA sees an exhausted and under-resourced workforce. 

ENISA explicitly identifies cybersecurity workforce shortages as one of the top threats to the sector’s long-term resilience. One standout finding: burnout rates among cybersecurity professionals reach as high as 68%—a staggering figure that signals not just a talent gap, but a systemic risk. 

This contradiction plays out most vividly in the role of the CISO: 

• WEF envisions a strategic leader driving digital growth and governance 

• ENISA sees overwhelmed security leaders navigating geopolitical attacks, regulatory complexity, and staffing deficits—often with minimal support 

Even core defense roles like incident responders, penetration testers, and GRC specialists are understaffed, overstretched, and struggling to keep pace with escalating threats. 

The Rise of Sophisticated Threats 

ENISA’s report breaks down the shifting threat landscape: 

• Social engineering (phishing, smishing, BEC) is now the most common vector, often bypassing technical defenses entirely 

• Ransomware increasingly targets less mature financial entities, exploiting vulnerabilities in supply chains and third-party vendors 

• Banking trojans and mobile malware have surged, with campaigns like Anatsa, Medusa, and Brokewell attacking mobile users at scale 

• Supply chain compromises are becoming an effective way for attackers to breach multiple financial institutions in one strike 

• Threat actors now include state-nexus groups, such as Lazarus, APT29, and politically aligned hacktivist groups like NoName057(16) 

Most alarmingly, operational disruption (not just data loss) was the top consequence in 58% of incidents—jeopardizing banking services, transactions, and financial stability itself. 

Benelux in Focus: A Strategic Yet Vulnerable Hub 

The Benelux region (Belgium, the Netherlands, and Luxembourg) stands at the crossroads of digital leadership and digital risk. As some of the EU’s most digitally advanced economies—with major banking centers and strong regulatory commitments—Benelux nations are: 

• Driving digital transformation in the public and private sectors 

• Leading compliance with NIS2, GDPR, and now DORA 

• Facing acute cybersecurity talent shortages due to increased demand and limited local supply 

Companies are increasingly searching for CISOs and compliance professionals who understand the EU’s evolving regulatory ecosystem—but many of those roles remain unfilled, or worse, are filled by overworked staff juggling multiple mandates with no time for strategic thinking. 

The Bottom Line: A Paradox of Preparedness 

Europe, on paper, is ready for a cybersecurity future. The WEF tells us the jobs are coming. The EU has written the regulations. The economy is digitizing. 

But ENISA reminds us: you can’t defend the digital frontier with a burnt-out army. 

There’s a widening gap between aspiration and capacity—a gap that leaves European financial institutions vulnerable not only to hackers, but to systemic breakdowns in resilience, compliance, and customer trust. 

This is more than a staffing issue—it’s a threat to economic stability.

From Crisis to Capability: Time to Train for Resilience

If the World Economic Forum’s vision is the blueprint for the digital economy, the ENISA report is the inspection report warning of structural weaknesses. Together, they tell a story of transformation—but also of exposure. 

Europe is racing toward a future where cybersecurity isn’t just a department—it’s a core business enabler, a compliance obligation, and a geopolitical shield. But there’s one critical missing piece: the people who can actually do the work. 

This is where theory must meet practice. 

Training Is Not Optional—It’s Strategic 

Bridging the talent gap isn’t about hiring faster. It’s about equipping existing professionals—from IT teams to compliance officers to executives—with the knowledge and frameworks to respond to real threats in real time. 

Whether it’s navigating NIS2’s stricter breach reporting, aligning with DORA’s digital resilience mandates, or building controls for ISO 27001 certification, organizations need professionals who don’t just understand cybersecurity—they live it. 

That’s why at Make Sense, we focus on practical, standards-aligned, and immediately applicable training—tailored for the European context. 

Explore Our Flagship Programs 

Here’s where you start: 

• DORA Lead Implementer Training
  Prepare for the Digital Operational Resilience Act (DORA) with deep insight into ICT risk, testing, governance, and incident reporting. 

• NIS2 Directive Lead Implementer Training
  Learn how to lead NIS2 compliance across organizations, with hands-on guidance on risk management, supply chain security, and reporting duties. 

• ISO/IEC 27001 Lead Auditor Training
  Become an expert in auditing information security management systems—essential for regulatory readiness and vendor assurance. 

• ISO/IEC 27001 Lead Implementer Training
  Designed for leaders building resilient ISMS frameworks, this training equips you to go beyond checklists and create sustainable security programs. 

Final Thought: The Time to Act Is Now 

The next five years will define whether Europe becomes a cybersecurity powerhouse or a regulatory liability. Organizations that invest in capability-building today—through training, upskilling, and smart talent development—won’t just meet compliance deadlines. 

They’ll lead.

Because resilience isn’t just a goal. In the era of digital warfare, it’s your competitive edge.