Cyber Resilience, skill shortage and augmented capacity through artificial intelligence

Policy makers have recently reached trialogue agreements on the NIS 2 Directive and DORA Regulation (Digital Operational Resilience in the Financial Sector Act). Both pieces of legislation are expected to bring into scope a larger number of companies and increase cybersecurity requirements for others. The European Commission is also preparing a proposal for a Cyber Resilience Act, which will seek to establish cybersecurity requirements for connected products and software (embedded and non-embedded). At the same time, public and private organisations are often outmatched by nation-state cyber threat actors, a trend that became more prominent since the Ukraine war.

These efforts to increase cyber resilience in the EU face among other challenges, the lack of skilled professionals in cybersecurity. Recent studies estimate this gap in the EU in 350,000. units in 2022, but, – the number is only likely to increase once new legislation enters into force and new skills for companies and market surveillance authorities will be required. Overall, cybersecurity needs increase faster than the availability of the workforce that is supposed to fill these needs. How should policy makers and the industry approach these issues?

Some companies have adopted a blend of human expertise powered by AI and machine learning (ML) that has the potential to counterbalance the skills shortage. It delivers high quality services to customers by combining highly skilled individuals with insights gained by AI and ML ,leaving more basic cybersecurity tasks to automated processes. Moreover, it is a way to attract and retain talent by providing professionals with an opportunity to do more “soulful” work and automating the more repetitive awork. In addition, the use of open-source software has been fundamental in shortening software development times, something that is necessary to respond to a rapidly changing cybersecurity environment.

Ensuring a high level of cybersecurity in the EU, in view with global competition for a scarce resource (cybersecurity professionals) will be a prerequisite to the success of the current and pending EU cybersecurity legislation.

At this critical juncture, CEPS to deep dive into these issues, is organizing this event on the 29th of June from 10 to 11.30 am with representatives from the European Commission, European Parliament, the private sector and cybersecurity experts from academia and civil society.