Published on
Germany lacks cybersecurity specialists to counter a surge in attacks that caused record damage of €202.4 billion in 2024, according to a study by Strategy&, a global business unit of PwC.
Nine out of 10 organisations surveyed reported a shortage of specialists, up from two-thirds in 2023, the analysis found.
“Last year alone, German air traffic control, the Federal Statistical Office and the Society for Eastern European Studies were the target of cyberattacks from abroad,” said Lucas Sy, Partner at Strategy& Germany and author of the study.
“If we want to secure Germany’s digital resilience, we need to act now and pull out all the stops.”
Russia and China pose a particular threat, according to Sinan Selen, president of the German Federal Office for the Protection of the Constitution, BfV. “Germany has been a target of Russian actors for years, with increasing intensity,” he said.
Cyberattacks caused damage totalling €267 billion to German organisations in 2024, according to digital association Bitkom. Cyberattacks accounted for around €179 billion of that total, with the remainder caused by theft of data and IT equipment, and by analogue and digital espionage and sabotage.
Meanwhile, only half of public-sector job advertisements for cybersecurity specialists attracted more than 10 applications per position, Strategy& found. More than a quarter of organisations surveyed reported a decline in applications.
More than two-thirds of organisations said candidates only partially or did not meet requirements. Knowledge of cybersecurity standards or data protection is often insufficient, according to the study.
Risk management in peril the most
The greatest shortage is in security-critical roles such as risk management, with 57% of respondents reporting the most significant gap in management positions designed to recognise or respond to cyberattacks.
Financial constraints also hamper recruitment: 78% of public sector organisations cited financial reasons as the leading cause of cancellations, compared with 48% in the private sector. Low or poor pay remains the most critical driver of staff turnover after recruitment, the report found.
“The situation in the public sector is particularly critical,” Sy said. “Urgently needed experts often switch to tech companies that offer significantly more attractive salaries.”
Only around 20% of organisations are making strategic use of AI to mitigate staff shortages, according to the study.
Andreas Lang, Director at Strategy& Germany, said bonuses and allowances must be used to stop the exodus to the tech industry.
“Routine tasks in the cybersecurity sector can be made more efficient through outsourcing and automation, thus freeing up highly specialised professionals,” Lang said.
Sy warned that without measures such as targeted bonuses, better pay classifications or international recruitment, bottlenecks in security-critical areas would persist.
“If the state does not strengthen its cyber expertise, the ability of entire institutions to act will be at stake in the worst case scenario,” Lang said, “and with it Germany’s digital resilience.”