Addressing the Cybersecurity Skills Shortage in Lithuania: Policy Insights from the United Kingdom

Cybersecurity has become a critical challenge to policy as cyber threats continue to increase in frequency, sophistication, and societal impact, exposing the growing vulnerability of the critical infrastructure supporting vital societal functions. Globally, these risks are heightened by a persistent shortage of skilled cybersecurity professionals, which, in Europe, threatens the effective implementation of the Union’s Network and Information Security Directive 2 (NIS2) concerned with the enhancement and harmonization of the cybersecurity level across Member States, notably in terms of their critical infrastructure and involved entities. This article examines the cybersecurity skills landscape across the European Union (EU), with a specific focus on Lithuania, using the United Kingdom (UK) as a strategic benchmark subject. Adopting a comparative case study approach, the study explores and discusses governance arrangements, education and training pathways, labour-market dynamics, and quality-assurance mechanisms shaping cybersecurity workforce development. Technical, organisational, and transversal skills required to prepare an effective cybersecurity workforce in a rapidly evolving labour landscape are also discussed. Findings reveal that Lithuania faces an acute shortage of advanced practitioners and limited alignment between education provision, labour-market needs, and regulatory requirements. In response, the article proposes policy-informed strategies adapted from the UK’s structured and professionalised cybersecurity skills model, explicitly mapped to NIS2 workforce and capability requirements. Identified strategies emphasise the need of coordinated action across schools, higher education institutions, government, industry, and the wider community. Potential enablers and constraints for the operationalization of the identified strategies are further analysed and discussed. The study aims to contribute to ongoing policy debates by demonstrating how a strategic context-sensitive selection and adaptation of key components in established skills frameworks can support the development of a sustainable national cybersecurity skills ecosystem and enhance long-term digital resilience, not only in Lithuania but also in other Member States across the EU.