Cybersecurity skills gap forces EMEA firms into risky measures

A new report suggests that most organisations across EMEA are being forced into risky cybersecurity practices due to an ongoing shortage of skilled professionals.

Insight has released research indicating that 64% of organisations within Europe, the Middle East, and Africa (EMEA) now resort to temporary fixes and security workarounds in order to meet increasing demands.

Within the UK, the situation is equally challenging. According to the findings, 67% of UK-based organisations report a cybersecurity skills shortage, with over half describing the effect as either "severe" or "significant." The skills shortfall appears to be most acute at senior levels, with half of respondents highlighting deficiencies in strategic areas such as governance, planning, and risk assessment.

Across the wider EMEA region, just 24% of IT decision-makers state that their organisations have enough in-house cybersecurity skills to keep pace with evolving threats. As a result, 57% of surveyed businesses report that this contributes to delays in key projects or technology initiatives, and the same proportion say they struggle to meet compliance requirements due to a lack of cybersecurity expertise.

Barriers to recruitment

The study identifies the high cost of hiring and training, cited by 68% of IT leaders, as the major barrier to resolving these gaps. In addition, 65% point to a shortage of suitably qualified candidates in the market.

The issue extends beyond recruitment, as the shortage affects not only technical roles but also those within operations, leadership, and compliance. The research concludes that this widening deficit is affecting both the everyday resilience and long-term planning capabilities of organisations.

A strategic concern

The report highlights how the cyber skills gap has turned from a staffing challenge into a wider strategic concern for many organisations. As businesses accelerate their digital transformation processes, a lack of appropriate cyber expertise is said to be undermining leadership confidence in maintaining secure innovation and long-term resilience.

"The answer isn't simply more hires or more tools," said Adrian Gregory, EMEA President at Insight. "What's needed is a fundamental shift in how organisations think about security, from reactive defence to proactive design."

Gregory goes on to assert that strategic change must begin with leadership development. He points out the importance of cultivating leaders who are able to guide both human and machine collaboration, translate technical risks into broader business impacts, and ensure security is embedded throughout all innovation efforts.

"The organisations that will lead in the next era," Adrian Gregory continued, "are those that align strategic talent with intelligent technology and trusted partnerships. It's this blend that builds the resilience required to grow, adapt, and stay ahead."

Regional impact

The UK figures are particularly notable in the report, with more than half of organisations experiencing what they describe as "severe" or "significant" impacts from the shortage. Delays in crucial projects and compliance challenges were both reported at similarly high rates to the overall EMEA average.

The research concludes that until organisations can address both cost and candidate availability issues, many will remain reliant on temporary security measures that may increase their exposure to risk.

These findings provide new quantitative evidence for the scale of the cyber skills shortage across the region, and suggest an urgent need for organisations to rethink their approach to security strategy, training, and leadership development.