European cybersecurity teams face escalating cyberattacks amid slow progress in readiness and response capabilities
Cyberattacks across Europe are rising, fast. Over the past year, nearly 40% of IT and cybersecurity professionals have seen an increase in attacks hitting their organizations. That’s the kind of trend that doesn’t just demand attention; it calls for serious, focused action. But here’s the problem: most organizations aren’t ready. In fact, only 38% of professionals feel completely confident in their organization’s ability to detect and respond to a cyber incident.
That gap, between rising threats and limited readiness, is what’s creating real pressure inside these teams. Most professionals are under significant stress, and 65% point to the complexity of the threat landscape as a top cause. It’s not just more attacks, it’s more sophisticated methods, evolving faster than most companies can keep up with. This isn’t about panic. It’s about pace. Cyber criminals are moving quickly, and most businesses are lagging behind.
If you’re in the C-suite, this isn’t just a security issue. It’s a performance issue. When your teams are overwhelmed, the risks scale directly into operations, brand trust, and regulatory consequences. And the truth: cybersecurity isn’t going to slow down. We either evolve systems and talent fast or deal with the fallout soon.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, says the public is already seeing what these breaches can do, disrupting businesses, crushing trust, taking over headlines. He’s right. It’s no longer “if” an organization will be targeted; it’s “when.” That doesn’t mean panic. It means being deliberate. This is the right time to invest in better cybersecurity frameworks, smarter people, and faster systems, not just to bounce back from an attack, but to protect competitive edge and customer trust before one hits.
Persistent staffing shortages and underfunding continue to hinder cybersecurity effectiveness
Cybersecurity doesn’t fail because threats are smarter. It fails when teams aren’t resourced well enough to defend, adapt, and scale. Across Europe, most organizations are still running behind on staffing and budgets. ISACA’s latest report shows 58% of cybersecurity professionals say their organizations are still understaffed, only a 3% improvement from last year. A move in the right direction, sure, but nowhere near fast enough.
Funding isn’t improving much either. Over half, 54%—say their cyber budgets are still below what’s needed. Cyber teams are being asked to do more while receiving barely enough to cover core operations. When that becomes normal, systems fall behind, people burn out, and security gaps widen.
This pressure is mounting, fast. A full 68% of professionals say their jobs are more stressful now than five years ago. That’s not a subjective problem, it’s operational strain. Over half report unrealistic expectations or excessive workloads. Nearly half mention poor work-life balance. And 36% say there’s a lack of modern skills or training in their teams. Most concerning, 22% of organizations have taken no action to prevent burnout. That leads to high turnover, lower performance, and higher risk exposure.
If you’re leading a business, this is where you pay attention. Investing in cybersecurity is a top-line strategic move. You get what you fund. Slight gains aren’t enough when the threat curve is exponential. It’s about speeding up, not catching up.
Challenges in talent retention and recruitment impede the growth and effectiveness of cybersecurity teams
Talent remains one of the biggest blockers in cybersecurity. It’s not just about hiring, keeping skilled professionals in the job is proving just as hard, if not harder. According to ISACA’s latest data, 52% of professionals close to their organization’s hiring processes say they’re struggling to hold onto qualified cybersecurity staff. The problem goes deeper during hiring cycles, where entry-level roles, meant to be low-barrier, are taking three to six months to fill in 45% of organizations.
This isn’t about lack of applicants. It’s about outdated expectations. While 55% of organizations still prioritize university degrees, the reality is shifting fast. Most professionals in the field, 84%—put more value on certified skills, not academic credentials. And 73% say hands-on training is the real differentiator. Yet many hiring processes still filter out capable candidates based on resumes, not ability.
For executives looking to scale their cybersecurity function, this is a wake-up call. If your recruitment model is overly rigid, you’re shrinking your own talent pipeline. The most capable candidates today may not have followed a textbook path, but they can still defend systems, understand threats, and handle pressure. What matters now is adaptability, not formality.
To unlock scale, companies need to move toward broader, more inclusive hiring approaches, certification-driven, skills-tested, and focused on practical impact. But it can’t stop there. Retention hinges on continued growth. Without upskilling, your best hires will look elsewhere. That’s what drives long-term strength, keeping the people you’ve trained and developed inside your business, not losing them to competitors moving faster.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, emphasized this shift clearly: “To build resilience and keep pace with the evolving threat landscape, we must widen the pathways into cybersecurity… Recruitment is only the start; continuous training and upskilling are critical.”
There is an increasing integration of artificial intelligence (AI) in cybersecurity governance and operations
AI is moving from concept to operational reality across European cybersecurity teams. Over half, 51%, of professionals surveyed in ISACA’s 2025 report are now actively contributing to their organization’s AI governance frameworks. That’s a significant jump from 36% last year. On the implementation side, 46% are directly involved in deploying AI within cybersecurity workflows, up from 27%.
This isn’t happening in the background. AI is now part of core operations. It’s being used to detect threats faster, secure endpoints, and automate tasks that drain time but offer little strategic value. The acceleration is clear, and necessary. With threats growing more complex, organizations don’t just benefit from using AI, they depend on it to stay ahead.
But this brings new risks. As more decision-making is handed off to intelligent systems, governance has to become more defined. Without strong oversight, AI-powered systems can introduce vulnerabilities, especially when regulations haven’t caught up. That’s why involvement in AI governance matters. It’s not just about what these systems can do; it’s about how they operate, where the data flows, and what safeguards are in place.
Executives need to take this seriously. You can’t afford blind spots when AI is plugged into essential defense layers. Proactive governance and ongoing upskilling are nonnegotiable. Regulators are already moving. The EU AI Act and NIS2 are coming online. The UK has its own legislation in development. If companies don’t get ahead now, they’ll be stuck reacting later, under pressure, in motion, and off-balance.
AI can be a force multiplier for cybersecurity, but only if it’s deployed with control and clarity. That starts with leadership prioritizing talent, oversight, and coordination between AI and security teams. These aren’t back-office tools anymore, they’re frontline infrastructure.
Key takeaways for leaders
- Escalating attacks outpace preparedness: Cyberattacks are increasing across Europe, yet only 38% of professionals feel confident in their response capabilities. Leaders should prioritize faster detection and response readiness to prevent operational and reputational damage.
- Under-resourcing remains a critical blocker: Over half of cybersecurity teams are still understaffed and underfunded, contributing to burnout and higher risk. Executives must align investment levels with the actual scale of threats to ensure teams are equipped and sustainable.
- Talent strategy is misaligned with today’s realities: Retaining skilled staff is difficult, and rigid hiring practices are slowing the pipeline for new talent, especially in entry-level roles. Decision-makers should modernize hiring criteria and expand training paths to build resilient teams.
- AI is growing fast but requires control: Use of AI in cyber operations has jumped significantly, yet governance and compliance risks remain. Leaders should double down on AI governance, legislation readiness, and continuous upskilling to ensure secure, scalable implementation.
