ISC2 Leads Timely Roundtable on Renewing EU Cybersecurity Strategy

To discuss the core components of a renewed EU Cybersecurity Strategy, ISC2 recently convened a timely dialogue with policymakers, cybersecurity experts and industry leaders.

Taking place at the European Parliament in Brussels, Belgium on March 25, 2025, the ISC2-led roundtable marked a pivotal moment, occurring nearly five years after the launch of the EU’s last Cybersecurity Strategy, which was unveiled in December 2020.

Since then, both the geopolitical and technology landscape has dramatically shifted. Technological advances have accelerated exponentially, while cybersecurity threats have reached new heights. The EU recognizes cybersecurity is not just a technical necessity but also a critical strategic enabler. Cybersecurity is part of several European strategic ambitions—from safeguarding democracy to enabling a green transition across the region, from bolstering economic growth to defending against hostile state actors.

Cybersecurity as a Fundamental Lever of Economic Growth

The discussion emphasized viewing cybersecurity as critical infrastructure, essential for boosting Europe's competitiveness and supporting economic growth. Participants argued strongly that cybersecurity should be framed as a competitive advantage for organizations and the wider economy, rather than merely a cost. They also advocated positioning cybersecurity as a market driver, vital to Europe’s economic resilience and global position, reflecting broader EU strategic objectives.

Strengthening Public-Private and Civil-Military Cooperation

The roundtable discussion underscored the urgent need for an agile, future-proof cybersecurity strategy that enables swift responses to emerging risks. Given substantial legislative changes in the EU and elsewhere, rapid technological breakthroughs (in particular relating to AI and quantum computing), and intensified geopolitical threats, closer alignment between civilian and military cybersecurity capabilities was seen as essential. The new strategy should integrate these capabilities, leveraging shared technology and overlapping skillsets to strengthen overall cyber resilience. Additionally, participants underlined the critical role of public-private partnerships (PPPs) in effectively implementing cybersecurity measures, including addressing the cybersecurity skills gap through joint initiatives.

Building a Stronger Cybersecurity Workforce

Participants identified the cybersecurity skills shortage as one of the most pressing obstacles facing the EU today. ISC2’s most recent Cybersecurity Workforce Study revealed a perceived need for a further 300,000 cybersecurity professionals across the EU. This is not the number of unfilled vacancies in the region, but rather the view of practitioners as to the level of additional support needed to fully address current needs and workloads. It is a number that is rising annually.

The roundtable discussion highlighted new angles to address this urgent challenge. Solutions discussed included creating clear pipelines for entry and junior-level cybersecurity roles, along with expanding cybersecurity training into adjacent roles such as legal, compliance, management, HR and policy professionals. Such initiatives would strengthen organizational cybersecurity posture and create new talent streams, in addition to the familiar IT-to-cybersecurity route.

Participants also stressed the importance of skills portability—promoting industry-backed, globally recognized certifications that enable movement of talent across sectors and between EU member states. This approach could rapidly alleviate pressure from skills shortages, reduce workforce deficit and make the profession more attractive to newcomers.

Streamlining Legislation to Reduce Complexity

Implementation of critical cybersecurity legislation, notably NIS2, the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA), is posing significant challenges. Fragmented approaches by member states create complex operational burdens, particularly affecting smaller organizations with limited resources. The complexity of global supply chains further complicates compliance and reporting obligations.

Participants called for a renewed EU Cybersecurity Strategy to also serve as an overarching coordinating framework, setting a clear vision to guide and align future cybersecurity legislation and implementation. This would mean promoting streamlined regulatory approaches, reducing administrative burdens and harmonizing obligations. Clear guidelines and unified frameworks across member states were identified as essential to ensure consistent, coherent and effective cybersecurity policy across the EU.

ISC2’s Role: Convening Dialogue and Connecting Global Insights to Policy

As a convener, ISC2 brings together a diverse community of stakeholders to facilitate strategic dialogue on cybersecurity policy and to advocate for our members. By raising topical questions and creating space for open exchange between institutional and industry voices, ISC2 helps frame the issues, surface priorities and support collaborative exploration of solutions.

As a thought leader, ISC2 contributes invaluable, real-world expertise drawn directly from cybersecurity professionals across all sectors, levels, and functions—from junior practitioners to managers, CISOs and senior policymakers. With more than 40,000 members in the EU alone, this practitioner perspective offers a unique and essential lens. It ensures that policy discussions remain closely connected to operational realities and implementation challenges.

ISC2 also brings a strong global perspective, informed by its advocacy work across jurisdictions such as Australia, Canada, Singapore, the U.K., the U.S. and others. This international outlook helps policymakers connect the dots—recognizing shared challenges across borders, anticipating trends and drawing from a wider pool of experience. This allows us to shape and support more coherent and forward-looking approaches.

Driving Forward: A Call for Coordinated Action

Participants agreed the EU must act decisively to formalize the process of developing a renewed cybersecurity strategy. ISC2 urges European institutions to swiftly initiate this formal process, ensuring that the voice of the industry, especially of the cybersecurity professionals is heard, valued and incorporated from the outset. Only by closely aligning strategic goals with evidence-based insight and practical, real-world expertise can Europe effectively strengthen its cybersecurity posture for the future.

Related Insights

• ISC2 Welcomes the EU Action Plan for the Cybersecurity of Hospitals and Healthcare Providers
• EU Cyber Solidarity Act – What You Need to Know
• Understanding the European Cyber Resilience Act