Europe faces a critical moment in cybersecurity, as reflected in the latest State of Cybersecury 2025 report of Isaca, where it is revealed that two out of three companies in the region continue to have difficulty covering key positions in this area, limiting its defense capacity against an increasingly complex threat panorama.

The mismatch between the speed with which cyber attacks and the rhythm to which organizations manage to strengthen their teams places many companies in a very fragile position.

Cyberats increasing and limited trust

The study points out that almost four out of ten European professionals and cybersecurity have detected an increase in incidents compared to last year, while 27% say they suffer at least the same level of attacks. Despite this scenario, internal trust does not accompany: only 38% of respondents feel totally sure that their organization can detect and respond effectively.

Chris Dimitriadis, Isaca Global CEO, summarizes it clearly: “During the last year, the public has seen first -hand the enormous impact of cyber attacks, with high profile gaps that devastated companies and monopolized holders. At the same time, the total volume of attacks continues to increase, with almost two out of five organizations experiencing more incidents than a year ago.”

The manager warns that the improvements in budgets and hiring are insufficient in the face of the speed of the attackers: “Although organizations begin to recognize the problem and take steps to address historical budget and personnel issues, the rhythm of change is too slow. The reality is that cybercounts move faster than most organizations can answer.”

Almost four out of ten European and cybersecurity professionals have detected an increase in incidents compared to last year, while 27% say they suffer at least the same level of attacks

Labor stress at alarming levels

The growing pressure is also reflected in the health of professionals. 65% indicate the complexity of the threat scene as a key stress factor, and more than two thirds (68%) consider that their work is today more stressful than five years ago. The lack of organizational support aggravates the situation: more than half denounces unrealistic expectations or excessive workloads, while 48% ensure that the balance between personal and professional life has deteriorated.

The problem of exhaustion intensifies because 22% of organizations have not yet taken any measure to prevent it. Thus, security teams face growing responsibilities with resources that advance at a much slower pace.

Retention and Hiring: A bottleneck

The report also emphasizes that more than half of the European companies (52%) have difficulty retaining qualified talent in cybersecurity. Initial level vacancies, which should be a more accessible entry route, are not covered quickly: in almost half of the cases (45%) it takes between three and six months to complete a process.

One of the reasons lies in excessively rigid hiring requirements. Although 55%of respondents values ​​the university degree, a large majority consider professional certifications (84%) or practical training (73%) more relevant. For Dimitriadis, the key is to open more doors: “To build resilience and maintain rhythm in the face of the changing panorama of threats, we must expand the routes of entrance to cybersecurity. By assessing practical training, professional certifications and transferable skills, organizations can strengthen their equipment and relieve pressure on saturated professionals.”

Cybersecurity in Artificial Intelligence: Opportunity and Challenge

In parallel, European cybersecurity teams are being placed in the center of artificial intelligence governance. More than half of the professionals (51%) claim to have participated in the creation of governance frameworks within their organizations, compared to 36% of the previous year. In addition, 46% are already directly involved in its implementation, a remarkable leap compared to 27% in 2024.

The main current applications in cybersecurity include threat detection (29%), endpoint protection (28%) and routine tasks automation (27%). This rapid deployment occurs in parallel to the progress of regulatory frameworks such as the EU’s law or the NIS2 directive, which seek to strengthen digital security and guarantee responsible use of these technologies.

The challenge, however, is not limited to incorporating AI, but to form and train equipment to use it effectively. Dimitriadis raises it as a turning point: “hiring is only the beginning; continuous formation and improvement of skills are critical. Only we will go from a slow and incremental change to real progress, reducing stress and building long -term protection.”

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.