1. Key insights for building a skilled cyber security workforce in Europe
This chapter provides an overview of the report’s objectives and rationale and summarises the main takeaways. It discusses the results from the analyses of the demand for cyber security professionals in France, Germany and Poland. It also summarises the main findings from the analysis of the landscape of cyber security education and training programmes in France. It concludes with actionable policy pointers.
Cyber security breaches are a significant threat to governments, businesses, and individuals worldwide. As economies transition towards increased use of digital and online technologies, cyber risks are often greater than can be managed by traditional approaches to data security. The spectrum of dangers has expanded, ranging from disruptions in the supply chain to sophisticated ransomware attacks. In addition, responses to the COVID-19 pandemic have accelerated society's dependence on digital technology, especially through the rapid adoption of remote work to sustain operational continuity for businesses, schools, and various services during lockdowns. However, the extensive embrace of remote work has exposed individuals and organisations to unparalleled cyber security threats (World Economic Forum, 2022[1]). As a substantial portion of the workforce now operates remotely or adopts hybrid work models, cybercriminals gain heightened opportunities to exploit vulnerabilities in digital security measures. Similarly, the advent of artificial intelligence (AI) in cyber security has transformed the threat landscape, leading to more sophisticated and adaptive cyber threats, which may impact the skill content of training programmes and national cyber skills policies. Governments around the world are aware of the heightened risk, and the European countries which are focus of this report (France, Germany and Poland) all have national strategies and policies to improve their nations’ cyber security (Box 1.1).
A workforce shortage compounds these cyber security challenges. While the cyber security workforce has reached an all-time high, with an estimated 5.5 million professionals already employed, a global shortage of 3.9 million workers is still estimated in this field ((ISC)2, 2023[2]). According to an assessment from the International Information System Security Certification Consortium (ISC)² (2023[2]) Europe faces a deficit of over 347 000 cyber security professionals. In France for instance, a shortage of nearly 60 000 cyber security experts was estimated in 2023. According to these estimates, France, together with Ireland are the only European countries with a decrease in the cyber security workforce gap year over year1 ((ISC)2, 2023[2]). Additionally, the demand for professionals in sectors which are relevant for the cyber security sector (e.g. digital, engineering and maths-related occupations) has increased recently in France, Germany and Poland (see Chapter 2). This increase signals the impact of digital innovation, digital sector expansion and the increase of digital hubs, which will all lead to a broader need for cyber security professional across multiple sectors.
Within individual countries and specific sectors, the lack of cyber security professionals can be even more pronounced due to intense competition for the limited number of employees. This often results in certain sectors, such as governments and central banks, struggling to attract highly skilled security professionals compared to other sectors, like the finance industry, which can offer more financially rewarding employment opportunities (ENISA, 2021[3]). Additionally, organisations such as ENISA (the European Union Agency for Cyber Security) have issued warnings regarding the shortage of cyber security skills in the broader labour market, not just a lack of cyber security professionals (ENISA, 2021[3]), which also highlights the increasing demand of professionals with updated knowledge on broader areas such as cyber security legal and policy frameworks (ENISA, 2023[4]). Effective training in cyber security at all levels is key to overcome both the shortages of professionals and the limited knowledge of cyber security of the general population.
In addition to the points mentioned above, the current cyber security workforce faces a significant diversity challenge. Women constitute only 24% of the global cyber security workforce ((ISC)2, 2022[5]). This figure is even lower in France (17%), partly due to the small proportion of women trained in the information and communication technology (ICT) field overall. Among OECD countries, some like Israel (53%), Norway (31%), Canada (28%), and Sweden (27%) have a higher percentage of women among ICT graduates. The representation remains low at the bachelor's level; for instance, in France in 2021, women made up just 17% of ICT graduates (see Chapter 3). This underrepresentation not only reduces the available talent pool for key roles in cyber security but also limits diversity in thought and perspective (Grau-Sarabia and Fuster-Morell, 2021[6]), which are vital for tackling complex cyber threats and challenges. Therefore, it is crucial to focus on attracting, recruiting and retaining more women in the field, as this will help access a broader talent pool and address the shortage of skilled professionals in the industry.
Collaborative initiatives between the private and public sectors can contribute to equip the cyber security workforce with rapidly evolving skills. Some initiatives are already underway, notably through developing cyber security ecosystems (i.e. network of entities and technologies collaboratively enhancing digital security and resilience against cyber threats). An example is the French Cyber Campus, which serves as a hub for cyber security expertise and collaboration, bring together businesses, government entities, academia, and research institutions to tackle cyber security challenges. In partnership with the National Information Systems Security Agency (Agence nationale de la sécurité des systèmes d'information, ANSSI). Similarly, governments within the European Union (EU) have developed a common skills framework and regional strategies to address the cyber security skills shortage (ENISA, 2023[7]). These initiatives, including the French Cyber Security Strategy, align with broader European efforts such as Horizon Europe and the Digital Europe Programme, aiming to establish a unified cyber security skillset across the EU (European Commission, 2023[8]). In terms of co-ordination of existing initiatives in the EU, in 2023, the EU Cyber Security Skill Academy launched the Cyber Skills Academy, a co-ordinated approach to boost the EU cyber security workforce and address the cyber security talent gap in the region (EC, 2023[9]). Similarly, the European Cyber Security Competence Centre and Network (ECCC), Europe’s new framework to support innovation and industrial policy in cyber security, is an ecosystem aimed at increasing the capacities of the cyber security technology community, shielding the economy and society from cyberattacks, maintaining research excellence, and reinforcing the competitiveness of the EU industry in this field (ECCC, 2024[10]).
The speed of digital innovation and proliferation of cyber threats have pushed the French, German and Polish governments to develop national cyber security strategies (NCSs) to overcome these fast-evolving cyber security challenges. The governments intend to economically stimulate the cyber security sector, strengthen the cyber security workforce, increase the development of cyber security solutions within their own countries, and strengthen the governments resilience against cyber threats. The French Government, for instance, has allocated EUR 1 billion to help boost the cyber security sector as part of the “France 2030” initiative, with EUR 720 million stemming from public funding (French government, 2023[11]).
Both Germany and Poland have integrated the national strategy for cyber security with their most recent broader national security strategies (Government of Poland, 2020[12]; Federal government of Germany, 2023[13]). These integrated strategies are about security in all its facets, one of which is security in cyber space. The goals of the Polish strategy include enhancing resilience against cyber threats, strengthening defensive capabilities and improving information protection in public, military, and private sectors. The German strategy aims to actively modernise the governments cyber security infrastructure and enhance its capabilities in order to defend Germany against cyberattacks.
What this report is about
Understanding the supply and demand dynamics in the cyber security labour market is crucial to tackle skill shortages. This understanding helps organisations and governments pinpoint critical weaknesses and allocate resources effectively. One way of looking into the demand for labour is by utilising online job postings (OJPs). These offer valuable insights into demand trends and key skills needed for a secure cyber environment, while analysis of cyber security education and training programmes sheds light on workforce development in this sector.
This report represents the third major output of an extensive project aimed at deepening the understanding of the cyber security workforce and the corresponding education and training provision across multiple regions and countries (see Box 1.2). Each report of this project, including the current one, is divided into two parts. The first analyses the demand for cyber security professionals leveraging the information contained in OJPs. The second examines the supply side: the landscape of cyber security education and training programmes. In particular:
The analysis of the demand for cyber security professionals in the labour market leverages big data intelligence to identify trends in employers’ demands through an examination of both the volume and content of these new postings published online by firms seeking to hire cyber security workers. The current report focuses on the demand for cyber security professionals in three European countries: France, Germany and Poland.
The analysis of the supply of training options in cyber security takes a deep dive into the policies and strategies implemented to broaden and diversify the cyber security workforce. Each report delves into a single case study country for this supply-side analysis. This report focuses on France.
The rationale of the project
As the demand for cyber security professionals’ soars globally, labour market shortages are emerging. This project aims to provide policymakers and businesses with timely, detailed insights into the demand and supply of cyber security skills, drawing from global best practices. It leverages OECD’s expertise to identify key roles and skills in global markets for a secure digital infrastructure. The initiative also reviews how various national education systems develop these skills and promotes a forum for discussing best practices and future skill needs in cyber security.
The structure of the project
The project is segmented into three components that blend big data intelligence with policy analysis to examine the demand and supply of cyber security skills, as well as the policies and strategies in place to grow and diversify the cyber security workforce, thereby addressing cyber security skill deficits. Each of these three parts zeroes in on a different group of countries (see Figure 1.1), investigating three to five countries for the demand-side analysis and a single country for an in-depth case study on the supply side. This is the third OECD report of three segments that will be synthesised for these analyses. The first report was published in March and the second in September of 2023 (OECD, 2023[14]; OECD, 2023[15]).
Methodology
Using big data to understand cyber security skills demand in three countries
The analysis of big data, and in particular the study of the information contained in OJPs have become instrumental in tracking labour market developments, playing a pivotal role in providing insights into job demand and industry trends (OECD, 2022[16]; OECD, 2023[17]). Increasingly, research on labour market dynamics relies on real-time big data to better capture recent trends and gain insights at a more granular level than what would be possible with more traditional labour market data. In order to conduct a timely and comprehensive analysis of the demand for cyber security professionals, this report utilises data extracted from nearly 82 million online job advertisements sourced from three selected countries: France, Germany, and Poland.
Specifically, this report examines trends in the demand for cyber security professionals between January 2018 and June 2023. Employing text mining and Natural Language Processing (NLP) techniques, the report classifies cyber security job postings and extracts key information used to analyse job requirements, including desired roles and skills and makes it possible to gain insights into evolving employer needs. The aim is to monitor labour market dynamics, identify trends, and inform tailored policies and training programmes to meet the evolving demands of the European cyber security labour market.
A case study to zoom in on strategies for cyber security education and training provision
The report also focuses on the availability of education and training options in the cyber security field in France. Notably, the approaches to cyber security education and training programmes in France exhibit a diverse range of designs, reflecting the unique needs and policies of the country. This report aims to provide insights into how France can develop, deliver, and promote education and training for cyber security roles. It presents a comprehensive case study of the French system, detailing programmes, policies, and initiatives that could inspire other countries developing their cyber security education sectors. The French approach includes formal education programmes at undergraduate levels and below (e.g. professional baccalaureate and advanced technician qualification, BTS) and non-formal training such as continuing education programmes and certificate training. This report also looks into advanced qualifications in cyber security, such as a master’s degree, since employers consider them highly important for cyber security roles. Additionally, it reviews strategies for expanding the cyber security workforce in France, particularly those facilitating access for newcomers. The analysis is based on national data, literature and interviews with key stakeholders in the French education and cyber security sectors.
The demand for cyber security professionals is on the rise in France, Germany and Poland
The demand for cyber security professionals is experiencing a robust and increasing trend across all three countries, especially in the period after the peak of the COVID-19 pandemic. Notably, growth rates for cyber security OJPs surpass those for other occupations. In Poland, in particular, the demand for cyber security professionals stands out for its rapid post-February 2020 growth, surging three times as fast as the average for other occupations. Cyber security-related OJPs in France and Germany experienced growth rates 40-30% higher, respectively, than those for other professions. This accelerated growth has led to an increased share of cyber security job postings compared to the total number of OJPs in the three countries analysed in the report. Specifically, Figure 1.2 shows that cyber security OJPs accounted for, in average, 0.32% of all OJPs advertised in 2023, a significant increase compared to the same share in 2018 (0.22%). While the demand for cyber security professionals is strong in the three countries, the faster growth experienced in Poland signals that relatively smaller markets for cyber security professionals have tended to grow faster compared to more developed markets, such as Germany, suggesting a rapid expansion of cyber security demand across countries.
Source: OECD calculations based on Lightcast data.
Results also highlight the varied demand for different types of cyber security professionals. Across the countries analysed, the core of the demand is for cyber security architects and engineers, who account for 38% to 45% of total cyber security OJPs from January 2018 to June 2023. These professionals are responsible for designing and modelling security solutions. Other cyber security-related roles are important and represent a significant share of the demand. Cyber security auditors and advisors (who offer guidance on the efficiency and compliance of security solutions) accounted for 17.4% of the overall demand in Germany, a figure significantly higher than in Poland and France.
However, the demand for different roles within the cyber security profession has shifted in the last few years, a fact that underscores that the cyber security job market is evolving, reflecting the adoption of new technologies and priorities by firms. For example, both France and Germany have seen an increase in the demand for cyber security analysts, individuals providing insights to support planning, operations, and maintenance of systems security.
The majority of cyber security OJPs are concentrated in the main cities in France, Germany, and Poland, where key enterprises and government hubs are located. Notably, 61% of cyber security OJPs in these countries are located in metropolitan areas. This share is 1.7 times higher compared to the proportion of all OJPs located in cities (36%). This trend underscores a significant concentration of cyber security roles in metropolitan settings, influenced by industries like finance, technology, and professional services, which typically thrive in metropolitan settings due to the availability of skilled talent, robust infrastructure, and market demand.
An analysis of enterprises’ requirements mentioned in OJPs shows that a typical candidate for a cyber security job needs a tertiary education. This result is consistent across the three countries analysed. In France, employers more often prefer candidates with a master’s degree, whereas a bachelor’s or equivalent is more commonly sought after in Germany and Poland. Additionally, a significant portion of job postings in France (28.1% of those with explicit education requirements) specifically asks for short-cycle tertiary education leading to degrees known as “brevet de technicien supérieur” (BTS) or before 2020, the “diplôme universitaire de technologie” (DUT). Beyond formal requirements, approximately 30% to 35% of job postings do not explicitly mention education requirements (see Chapter 2), potentially suggesting an emphasis on experience and informal education as signals of cyber security skills, rather than a strict reliance on formal degrees.
Regarding the most highly sought after skills for cyber security professionals, proficiency in programming and familiarity with various software and digital tools are crucial across the three examined countries. Furthermore, skills such as knowledge of ICT security legislation and standards, and information security strategy skills rank among the most in-demand in Germany and France.2 Shifting the focus to professional skills, employers who sought to hire cyber security professionals in France and Germany prioritise conceptual thinking, expertise in spreadsheets, and a grasp of business processes, while in Poland there is a distinct emphasis on project management and public speaking.
An examination of the demand for cyber security skills among all OJPs reveals a trend towards the cyber-related skill demands becoming increasingly specialised in between 2019 and 2022. In other words, the mentions of cyber-related skills in OJPs have tended to concentrate in a narrower set of cyber and technical occupations in France and Germany, pointing to the profession becoming more specialised. In Poland, possibly due to the very large surge in demand, cyber security skills (in particular the mention of “cyber security” in OJPs) has permeated a larger number of different job postings as the market was expanding in terms of its complexity and roles demanded by firms.
The provision of cyber security education and training programmes in France is diverse
The case study for France illustrates that there are diverse educational and training pathways leading to cyber security roles, offering opportunities for progression (see Figure 1.3). Formal cyber security education programmes is accessible at various levels, encompassing upper secondary education (mainly through vocational and technological baccalaureate), short-cycle tertiary programme, and higher education. Notably, enrolment in cyber security programmes has been increasing, particularly in higher education, especially in bachelor’s programmes (License), reflecting the labour market requirements (see Chapter 2). Basic cyber security skills are also being integrated into upper secondary education, including in Vocational and Technological Baccalaureate courses. These courses span a range of professional and technological fields, focusing on ICT topics. Education and training opportunities in this field also encompass work-based learning programmes, such as apprenticeships in cyber security at various educational levels, enabling learners to develop practical skills on the job.
Note: Formal education, which leads to formal qualifications such as advanced technician qualifications (Brevet de technician supérieur, or BTS), includes courses and programmes offered by universities, technological, professional and technical institutions. For this study, programmes at the master’s level and above are excluded from the analysis. Non-formal education and training include courses outside the formal education system and not leading to formal qualifications (but awarding certificates in some cases), such as certificate training.
Complementing these formal cyber security qualifications, young people and adults in France can also participate in non-formal training. This type of training is usually shorter and more flexible than programmes in the formal education system. They may lead to certificates but do not confer formal qualifications. Various organisations offer professional certificates or qualifications, providing targeted instruction and practical experience. The recent surge in demand for specialised ICT skills, such as cyber security, has led to a significant expansion in other forms of short courses, like specialised training modules available through continuing education. In 2021, approximately 40 400 institutional certificates were awarded, which is nearly double the number from 2010, when just over 24 000 were offered. Learners can also engage with certificate training programmes that provide streamlined, practical training culminating in industry-recognised credentials (e.g. ISO 27001 Lead Auditor or Certification-ISO27001 in Cyber Security Fundamentals) which are also highly required by employers (see Chapter 2). Additionally, multiple online courses contribute to the non-formal training landscape in the digital field. In the realm of cyber security, nearly 10 100 courses were available on France’s most popular e-learning platforms (see Chapter 3). These courses offer flexible and accessible learning opportunities, enabling individuals to acquire expertise quickly and efficiently, and in some cases at no cost.
The cyber security skill gap is being addressed through multiple policies and initiatives (see Chapter 3). Industry involvement in the programme delivery has been crucial in providing work-based learning opportunities in the sector. Apprenticeships have enhanced graduates’ employability by establishing strong connections with specific companies and industries, often resulting in immediate permanent job placements. Similarly, employers’ close connection with training providers has been key in bringing cyber security professionals into the teaching workforce. Regulations have permitted and encouraged experienced professionals to enter the teaching profession, either as contractual or substitute teachers, without needing a national examination, providing a flexible solution to address fluctuations in demand and challenges arising from tenured teacher shortages.
In France, expanding and diversifying cyber security education and training programmes is key to addressing the growing demand for skilled professionals in this rapidly evolving field. Emphasis is placed on diversifying enrolment, particularly by increasing female participation. Strategies range from ensuring job postings, including those in cyber security, are gender-inclusive, to implementing national campaigns to break down role stereotypes in the field. Additionally, the availability of a wide range of formal and non-formal education options in cyber security contributes to providing training opportunities that can cater to the diverse needs of learners and the industry.
Multiple initiatives have been implemented to increase the socio-economic diversity within the cyber security profession. Higher education programmes offered by University Institutes of Technology, including BTS, BUT, and professional bachelor’s programmes, play a significant role in diversifying the social backgrounds of future cyber security professionals. For example, progression routes for graduates of vocational or technological baccalaureates have been established, with quotas facilitating these transitions to some disadvantage students. In BTS programmes, the quota varies, but typically around two-thirds of entrants are graduates of vocational and technological baccalaureates. For BUT programmes, half of the places are reserved for graduates of a related technological baccalaureate. Specifically, in cyber security, a pathway exists for graduates of the “Sciences and Technologies of Industry and Sustainable Development” technological baccalaureate to progress into a BUT programme in “Networks and Telecommunications.”
Policy pointers for building a skilled cyber security workforce
The insights derived from the analysis of the demand for cyber security professionals in France, Germany and Poland and the detailed analysis of the cyber security education and training in France underscore diverse opportunities for these countries to tackle labour and skills shortages in the sector.
Providing structured and comprehensive information on cyber security roles and skills
The cyber security profession is constantly evolving, based on the evolution of cyber risk. This also changes employers’ needs, which creates a challenge for individuals seeking to enter the cyber security labour market for and training institutes who want to create new training programmes in understanding demands for certain cyber security roles and skill requirements. Collaboration is needed across employers, educators, governments and learners to create a structured and comprehensive characterisation of the cyber security profession to reduce shortages in the cyber security labour market. Current initiatives to monitor indicators of the evolution of cyber security labour markets exist, providing insights on the supply of cyber security professionals. ENISA, in co-operation with the EU Commission, has made progress in developing indicators to track progress in EU Member States to increase the number of cyber security professionals (EU Monitor, 2023[18]).
Enhancing collaboration among stakeholders in the cyber security sector is crucial for effective skills anticipation (OECD, 2016[19]). France, for instance, has invested heavily in skills anticipation in multiple sectors, by establishing a centralised platform for data sharing and analysis, involving public authorities, chambers of commerce, sector organisations, and educational institutions, which can streamline the process (CEDEFOP, 2023[20]). This centralisation reduces fragmentation and improves the accuracy of identifying current and future skill requirements. Additionally, developing standardised methodologies for skills assessment and updating training programmes accordingly will ensure that the workforce remains equipped to address evolving cyber security challenges. Such a co-ordinated approach will facilitate more efficient allocation of resources and better prepare workforces for the demands of the cyber security sector.
Raising employers’ awareness, especially among SMEs, about the significance of a skilled cyber security workforce in mitigating cyber risks is crucial. Adherence to cyber security frameworks and standards is key, as it offers essential guidance, best practices, and a common language for both organisations and professionals. The European Cyber Security Skill Framework (ECFS), that was launched in 2022, is a practical choice, providing a unified understanding of the necessary roles, competencies, skills, and knowledge in cyber security. It facilitates the recognition of cyber security skills and supports the design of related training programmes. Utilising a shared framework enables countries to develop comprehensive cyber security strategies, provide a better understanding of common ground of cyber security roles within and beyond the profession, and improve the provision of training and education.
Governments can aim to promote cyber security as a viable and exciting career path, by providing educational resources, showcasing a variety of roles within the sector, and engaging students in interactive learning experiences. This can for instance be done by using initiatives such as The Tomorrow Cyber Specialist (DemainSpécialisteCyber) developed by the Ministry of Education and Youth (MENJ), which seeks to break down stereotypes and encourage more people to enter the cyber security profession, thereby helping to secure France's digital future.
Giving visibility to cyber security education and training programmes
Integrating cyber security technical skills into digital-related training programmes can enhance cyber security awareness and skills across all digital sector professions. Initiatives such as CyberEdu, an ANSSI label to signal education programmes that integrate cyber security elements, expand cyber security skills into a broader spectrum of educational offerings, including vocational, technological and general baccalaureate programmes and work-based learning opportunities.
Clear pathways for graduates from cyber security programmes (e.g. CyberEdu-certificated programme) to either enter the labour market or advance to higher qualifications, such as professional bachelor’s programme, or obtain industry-recognised certifications, will enhance their employability and provide opportunities for more in-depth cyber security training.
Signalling high-quality education and training is key in cyber security. High-quality labels like SecNumedu benefit institutions by attracting learners and boosting prestige, while ensuring learners receive up-to-date, in-depth training. Holding a SecNumedu-accredited certificate enhances employment prospects in the competitive cyber security industry, valued by employers seeking qualified candidates.
Boosting employer participation in the design and delivery of cyber security programmes
Integrating work-based learning like internships and apprenticeships into cyber security education programmes effectively links industry and academia. This not only arms graduates with relevant skills but often leads to job placements. Strong partnerships between educational institutions and employers across sectors are essential to create diverse, practical learning environments.
Enhancing cyber security education quality can be achieved by integrating experienced industry professionals into the teaching workforce. This requires relaxing regulatory requirements to allow these professionals to serve as contractual or substitute teachers without traditional examination processes. Tertiary education programmes commonly use industry experts as part-time teachers alongside full-time teacher-researchers, reflecting this approach’s effectiveness.
Joint applied research projects and flexible teaching models, pairing full-time academics with industry professionals, enhance cyber security education by blending theory with practice. Leveraging initiatives like Campus Cyber for knowledge exchange ensures educational programmes stay current with industry developments. This approach keeps teaching content and methodologies updated in line with the rapidly evolving cyber security sector.
Diversifying the profile of cyber security professionals
Offering flexible learning schedules is essential for diverse cyber security education pathways. Institutions should implement hybrid models blending online and in-person teaching, tailored to both traditional and apprentice learners. This adaptable approach ensures an inclusive, efficient environment for all students pursuing cyber security careers.
Enhancing quotas and transition programme in technology-focused universities and engineering schools for vocational or technological baccalaureate graduates promotes student diversity. This strategy includes reserving places for these graduates, especially high achievers, and offering support like bridging programme and mentorships. It diversifies the socio-economic mix in advanced cyber security education and improves student success in rigorous academic settings.
Boosting socio-economic diversity in cyber security can be achieved by expanding vocational and technological baccalaureates among disadvantaged students. This involves increasing funding, developing cyber security-focused curricula, and promoting these paths in underprivileged communities. Strengthening the link to higher education in cyber security and lowering access barriers to the profession will also facilitate a smoother transition for these students into the workforce.
Targeted educational and professional development initiatives are crucial for expanding gender diversity in the cyber security profession. Expanding mentorship programmes, where experienced female cyber security professionals guide and support young women, is key. Such mentorship should encompass career planning, skill development, and networking opportunities.
Box 1.3 highlights interesting practices put in place in France aimed at expanding and diversifying the cyber security workforce.
France has implemented multiple initiatives and strategies to expand and diversify its cyber security workforce. Efforts focus on improving coordination between the industry and training providers, enhancing the responsiveness of educational programmes, and facilitating their provision. Strategies also aim to improve the image of cyber security roles and increase interest in the sector, particularly among women and young people. Key practices include:
Les cadettes de la cyber (Les Cadettes de la Cyber, 2021[21]): Launched by the Cyber Excellence Centre, this programme fosters young women’s careers in cyber security through mentorship, training in cyber geopolitics, managerial skills, and public speaking. It facilitates job transitions with internships, job dating sessions, and personalised coaching, and empowers cadettes to be ambassadors at events and on social media.
Campus Cyber (Campus cyber, 2023[22]) A national initiative serving as a hub for cyber security expertise, it brings together businesses, government, academia, and research to address cyber security challenges. It focuses on fostering innovation, knowledge exchange, and addressing the shortage of qualified educators through partnerships and scalable training solutions.
The French National Acceleration Strategy for Cyber security (Gouvernement, 2021[23]), Supported by significant investment, this strategy aims to enhance cyber defences and digital security. Goals include increasing the cyber sector’s turnover, doubling jobs, supporting cyber security unicorns, and promoting cyber security culture and research. Educational integration at all levels and public awareness campaigns are central to this strategy.
Higher education institutions have expanded apprenticeship opportunities in cyber security, offering practical experience alongside academic learning. Businesses value apprentices for fresh perspectives and building a tailored talent pipeline, with varied candidate profiles influenced by educational backgrounds and recruitment cycles.
The SecNumedu label, awarded by the French National Agency for the Security of Information Systems (ANSSI), identifies high-quality specialised programmes in cyber security, meeting rigorous training standards. It enhances the prestige of educational institutions and guarantees students a quality education, improving employment prospects. The label concerns engineering and master’s programmes and some professional bachelor’s degrees.
“TomorrowCyberSpecialist” (DemainSpécialisteCyber) (MENJ, 2023[24]), launched in 2023 by ANSSI, MENJ, and Campus Cyber, is a French national campaign to address the cyber security skill gap. Aimed at middle, high school, and post-secondary students, it seeks to raise cyber security awareness and highlight career diversity in the field, encouraging interest among young girls and boys. This initiative is part of a broader effort to familiarise students with various professions.
The CyberEdu label (CyberEdu, 2023[25]), established by ANSSI, marks education programmes in France that integrate cyber security. This initiative, following the 2013 Defense and National Security White Paper, aims to weave cyber security awareness into all digital-related training. CyberEdu certifies various programmes, from vocational baccalaureates to short-cycle tertiary qualifications, focusing on cyber security competencies.
References
[2] (ISC)2 (2023), 2023 Cybersecurity Workforce Study, https://www.isc2.org/Research (accessed on 15 January 2024).
[5] (ISC)2 (2022), 2022 Cybersecurity Workforce Study, https://www.isc2.org/Research (accessed on 15 January 2024).
[22] Campus cyber (2023), concept: Réunir les acteurs de la sécurité numérique au sein d’un lieu totem pour protéger la société et faire rayonner l’excellence française du domaine, https://campuscyber.fr/.
[20] CEDEFOP (2023), Skills anticipation in France, https://www.cedefop.europa.eu/en/data-insights/skills-anticipation-france#group-details.
[25] CyberEdu (2023), Le projet, https://www.cyberedu.fr/pages/le-projet/.
[9] EC (2023), Cybersecurity Skills Academy: a coordinated approach to boost the EU cyber workforce, https://digital-skills-jobs.europa.eu/en/cybersecurity-skills-academy.
[10] ECCC (2024), European Cybersecurity Competence Centre and Network - About us, https://cybersecurity-centre.europa.eu/about-us_en.
[4] ENISA (2023), Communication on the Cybersecurity Skills Academy, https://digital-strategy.ec.europa.eu/en/library/communication-cybersecurity-skills-academy.
[7] ENISA (2023), European Cybersecurity Skills Framework (ECSF), https://www.enisa.europa.eu/topics/education/european-cybersecurity-skills-framework.
[3] ENISA (2021), Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education, https://www.enisa.europa.eu/publications/addressing-skills-shortage-and-gap-through-higher-education/ (accessed on September 2023).
[18] EU Monitor (2023), Closing the cybersecurity talent gap to boost the EU’s competitiveness, growth and resilience (’The Cybersecurity Skills Academy’), https://www.eumonitor.eu/9353000/1/j9vvik7m1c3gyxp/vm2dme2qmizc.
[8] European Commission (2023), Shaping Europe’s digital future, https://digital-strategy.ec.europa.eu/en/activities/digital-programme.
[13] Federal government of Germany (2023), Robust. Resilient. Sustainable. Integrated Security for Germany - National Security Strategy, https://www.nationalesicherheitsstrategie.de/National-Security-Strategy-EN.pdf (accessed on November 2023).
[11] French government (2023), Communique de Presse - France 2030 | Le Gouvernement lance une nouvelle vague de l’appel à projets pour, https://www.economie.gouv.fr/files/files/2023/communique_AAP_cybersecurite.pdf (accessed on November 2023).
[23] Gouvernement (2021), Un plan à 1 milliard d’euros pour renforcer la cybersécurité, https://www.gouvernement.fr/actualite/un-plan-a-1-milliard-d-euros-pour-renforcer-la-cybersecurite.
[12] Government of Poland (2020), National Security Strategy of the Republic of Poland 2020, https://www.bbn.gov.pl/ftp/dokumenty/National_Security_Strategy_of_the_Republic_of_Poland_2020.pdf (accessed on November 2023).
[6] Grau-Sarabia, M. and M. Fuster-Morell (2021), “Gender approaches in the study of the digital economy: a systematic literature review”, Humanities and Social Sciences Communications, Vol. 8/1, https://doi.org/10.1057/s41599-021-00875-x.
[21] Les Cadettes de la Cyber (2021), Les Cadettes de la Cyber est un programme du Pôle d’Excellence Cyber (PEC), https://les-cadettes-de-la-cyber.org/qui-sommes-nous/.
[24] MENJ (2023), Lancement de la campagne nationale “DemainSpécialisteCyber” pour faire découvrir la cybersécurité et ses métiers, https://www.education.gouv.fr/lancement-de-la-campagne-nationale-demainspecialistecyber-pour-faire-decouvrir-la-cybersecurite-et-379968.
[17] OECD (2023), Big Data Intelligence on Skills Demand and Training in Umbria, OECD Publishing, Paris, https://doi.org/10.1787/4bbbbfd6-en.
[14] OECD (2023), Building a Skilled Cyber Security Workforce in Five Countries: Insights from Australia, Canada, New Zealand, United Kingdom, and United States, OECD Skills Studies, OECD Publishing, Paris, https://doi.org/10.1787/5fd44e6c-en.
[15] OECD (2023), Building a Skilled Cyber Security Workforce in Latin America: Insights from Chile, Colombia and Mexico, OECD Skills Studies, OECD Publishing, Paris, https://doi.org/10.1787/9400ab5c-en.
[16] OECD (2022), Skills for the Digital Transition: Assessing Recent Trends Using Big Data, OECD Publishing, Paris, https://doi.org/10.1787/38c36777-en.
[19] OECD (2016), Getting Skills Right: Assessing and Anticipating Changing Skill Needs, Getting Skills Right, OECD Publishing, Paris, https://doi.org/10.1787/9789264252073-en.
[1] World Economic Forum (2022), Global Cybersecurity Outlook 2022, https://www.weforum.org/reports/global-cybersecurity-outlook-2022/.
Notes
← 1. Among six European countries for which the cyber security workforce gap was estimated (France, Germany, Ireland, Netherlands, Spain and United Kingdom).
← 2. This partially reflects the decision to include keywords that are associated with the EU’s General Data Protection Regulation as part of the classification of cyber security skills, given the importance of this regulation in this geographical area.