Germany is grappling with a severe shortage of cybersecurity professionals amid a dramatic rise in cyberattacks, which inflicted unprecedented financial damage of €202.4 billion in 2024, as revealed in a recent study by Strategy&, the global business division of PwC.
Rising cyber threats and declining applications
According to the survey findings, an alarming 90% of organizations reported a lack of cybersecurity specialists, a significant increase from two-thirds in the previous year. Lucas Sy, a Partner at Strategy& Germany and the study’s author, highlighted the urgency of the situation:
“If we want to secure Germany’s digital resilience, we need to act now and pull out all the stops.”
The study also underscores the persistent threats posed by foreign actors, particularly from Russia and China. Sinan Selen, president of the German Federal Office for the Protection of the Constitution, BfV, emphasized that the intensity of cyberattacks from Russian entities has escalated over the years, posing a serious risk to national security.
Impact on public sector recruitment
Cyberattacks inflicted a total damage of €267 billion on German entities in 2024, with approximately €179 billion attributed directly to these attacks. Other factors contributing to this staggering figure included data theft and various forms of espionage.
In the realm of recruitment, the study found that only half of the public sector job postings for cybersecurity roles received more than ten applications, with over a quarter of organizations reporting a decline in interest. Moreover, more than two-thirds of respondents indicated that candidates often did not fully meet essential qualifications, particularly concerning cybersecurity standards and data protection knowledge.
The study reveals that the most critical shortages lie in security-sensitive roles, particularly risk management, with 57% of participants identifying a significant gap in management positions necessary for recognizing and responding to cyber threats. Financial limitations are also a major barrier; 78% of public sector organizations cited budget constraints as a primary reason for recruitment cancellations, compared to 48% in the private sector. The report further indicated that low compensation is a major factor driving staff turnover.
Sy remarked on the critical state of public sector cybersecurity, stating, “Urgently needed experts often switch to tech companies that offer significantly more attractive salaries.” Only around 20% of organizations are proactively leveraging artificial intelligence to alleviate staffing shortages.
Andreas Lang, Director at Strategy& Germany, stressed the need for incentives such as bonuses and allowances to retain talent. He noted,
“Routine tasks in the cybersecurity sector can be made more efficient through outsourcing and automation, thus freeing up highly specialised professionals.”
Lang warned that without strategic interventions, including enhanced compensation and international recruitment efforts, critical security roles will remain difficult to fill. He cautioned that
“if the state does not strengthen its cyber expertise, the ability of entire institutions to act will be at stake in the worst case scenario, and with it Germany’s digital resilience.”