Executive summary

The digital transformation has heightened the need to implement effective cyber security measures across all European countries. The increasing reliance on digital technologies, accelerated by the rapid adoption of remote work in response to the COVID-19 pandemic, necessitates a strategic focus on cyber security and the development of a skilled workforce capable of addressing potential threats. Despite employment levels in cyber security being at an all-time high, analyses of the field show that there is still a substantial workforce gap, with Europe alone facing a shortage of over 300 000 professionals.

This report analyses the evolution of the demand for cyber security professionals using recent data from millions of online job postings (OJPs) collected in France, Germany and Poland for the period between January 2018 and June 2023. The demand for cyber security professionals is experiencing an increasing trend across all three countries. Notably, growth rates of job postings published on line for cyber security surpass the average growth of other occupations. In Poland, in particular, the demand for cyber security professionals stands out for its rapid post-February 2020 growth, surging three times faster than that for other occupations. The analysis delves into employers’ demands, by looking at the most frequently requested characteristics in candidates for a cyber security role. The study reveals that firms look for candidates with tertiary education, a trend consistent across France, Germany, and Poland. In France, for instance, candidates with a master's degree are often preferred, while in Germany and Poland, a bachelor’s degree or equivalent is more common in the demands of employers. Notably, in France, about 28.1% of job postings with explicit education requirements seek candidates with short-cycle tertiary education, specifically a “brevet de technicien supérieur” (BTS) or the pre-2020 “diplôme universitaire de technologie” (DUT). Interestingly, 30% to 35% of job postings do not specify educational qualifications, indicating an increasing emphasis on experience and informal education as indicators of cyber security competence.

Key skills sought in cyber security professionals include programming proficiency and familiarity with various software and digital tools across all three countries examined in the report. In Germany and France, knowledge of ICT security legislation, standards, and information security strategy skills are highly valued. Similarly, transversal skills such as conceptual thinking, spreadsheet expertise, and business process understanding are typically in high demand, whereas in Poland, there is a notable focus on project management and public speaking skills. The analysis also indicates that the demand for cyber security skills advertised in online job postings has become more specialised in between 2019 and 2022, being concentrated in a narrow set of technical and cyber occupations in France and Germany.

The report also explores the available supply of training opportunities in cyber security, zooming in on the landscape of education and training programmes in France and the policies and strategies to enhance the accessibility and relevance of these programmes. The study shows that, in France, cyber security education and training is multifaceted, ranging from courses focusing on basic awareness for the general public to advanced technical training for specialised roles. The focus of this study is on the learning opportunities for entry-level positions provided by formal and non-formal training programmes. The formal education supply is diverse including programmes at different levels of education such as vocational and technological baccalaureates, short-cycle tertiary programmes (e.g. Brevet de Technicien Supérieur, BTS), and academic and professional bachelor’s level (e.g. Bachelors universitaires de technologie, BUT). Advanced degrees in this field are particularly relevant in France, including engineering programmes and specialised master’s degrees, reflecting the high demand for highly skilled cyber security professionals. The programmes responding to this demand include both programmes that specifically focus on cyber security and programmes with a slightly broader focus, which include cyber security in their curriculum or as an area of specialisation (e.g. system engineering, information security, information systems management, ethical hacking, network security and information auditing).

France provides a wide array of non-formal cyber security training for young people and adults, distinct for its practical focus and shorter duration. Offered by a diverse mix of private companies, industry associations, and online platforms, these programmes can last from a few weeks to months, leading to highly-valued certifications. They cover foundational and advanced cyber security topics, aligning with industry standards and certifications. Notable examples include the Continuing Education Programmes (Formation continue) and Certificate Training (Formation certifiante), designed for professionals enhancing their skills or transitioning into cyber security. France offers many courses on line, which broadens access to foundational and specialised training.

Multiple policies and initiatives have been implemented to reduce cyber security skill gap. Industry involvement in the programme delivery has been crucial in providing work-based learning opportunities in the sector. Apprenticeships have enhanced graduates’ employability by establishing strong connections with specific companies and industries, often resulting in immediate permanent job placements. Similarly, employers’ close connection with training providers has been key in bringing cyber security professionals into the teaching workforce. Regulations have permitted and encouraged experienced professionals to enter the teaching profession, either as contractual or substitute teachers, without needing a national examination, providing a flexible solution to address fluctuations in demand and challenges arising from tenured teacher shortages.

Diversifying cyber security education and training programmes is key to addressing the growing demand for skilled professionals in this rapidly evolving field in France. Emphasis can be placed on diversifying enrolment, particularly by increasing female participation. Strategies range from ensuring job postings, including those in cyber security, are gender-inclusive, to implementing national campaigns to break down role stereotypes in the field. Additionally, the availability of a wide range of formal and non-formal education options in cyber security contributes to providing training opportunities that can cater to the diverse needs of learners and the industry. France is enhancing socio-economic diversity in cyber security through higher education programmes like BTS, BUT, and professional bachelor’s degrees, with quotas and progression routes for vocational or technological baccalaureate graduates, particularly in pathways like “networks and telecommunications.”

Legal and rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2024

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.