The European market potential for cybersecurity products and services

The European cybersecurity market is growing. Growth is fuelled by a big rise in cyberattacks and the rollout of new cybersecurity regulations. The most promising markets for cybersecurity products and services are the United Kingdom (UK), Germany, France, the Netherlands, Sweden and Poland. Important trends driving demand include the ongoing digital transformation across sectors, the quick expansion of the Internet of Things (IoT), the adoption of artificial intelligence (AI), and the growing need for advanced authentication solutions.

Because of the growing shortage of skilled cybersecurity professionals in Europe, companies are hiring professionals from abroad. Cost reduction is another important reason why European companies outsource cybersecurity. As prices in nearshore markets are rising, this creates opportunities for providers from developing countries. Among the sectors that offer opportunities in the most promising markets are SMEs (cross-sector), manufacturing and industry 4.0, fintech, and retail and e-commerce.

1. Product description: cybersecurity

Cybersecurity means technologies, practices, processes and policies that are used to prevent or soften the risk and impact of cyberattacks. Cybersecurity protects systems, software, devices, data and networks from digital attacks and unauthorised access. The goal of these cyberattacks is often to access, change or destroy valuable information, systems or devices. Other goals are extorting money or interrupting business processes of everyday life. Cybersecurity is also known as computer security or information technology security (IT security).

While cybersecurity can be segmented in various ways, it is often divided into cybersecurity services and cybersecurity solutions. Cybersecurity services include professional services (consulting) and managed security services. They also include trainings such as:

• Firewall management;
• Intrusion detection system (IDS) and intrusion prevention system (IPS) management;
• Governance;
• Risk assessment;
• Vulnerability management services;
• Incident detection and response;
• Penetration testing;
• Regulatory compliance consulting.

Cybersecurity solutions prevent, detect and respond to digital attacks and unauthorised access. The solution segment consists of hardware and software solutions. Examples are:

• Network security solutions;
• Firewalls;
• Endpoint protection (antivirus);
• Identity Access Management (IAM);
• Data security;
• Encryption solutions.

Figure 1: Types of cybersecurity services and solutions

Source: Globally Cool

The complexity of these solutions has grown a lot over the past years. They have proven to work for preventing threats and attacks, such as malware, Trojans, and phishing. The success of these solutions has led to fast development of the cybersecurity industry. Implementing technical defences has become a standard best practice.

There are many types of information security applications, suites and platforms, including:

• Antivirus;
• Back-up and recovery;
• Information encryption;
• Data security platforms;
• IAM;
• Mobile security applications;
• Firewall;
• Spyware removal.

These applications can provide a specific service or, when used together, combine multiple services, interfaces and dashboards. There are solutions available for on-site implementation, cloud delivery, or use as a managed service.

2. What makes Europe an interesting market for cybersecurity products and services?

The European market for cybersecurity is expected to show strong growth. This growth is driven by the rise and growing complexity of cyberattacks. It is also helped by implementation regulatory frameworks such as the General Data Protection Regulation (GDPR), the Network and Information Systems (NIS) Directive and the Cybersecurity Act. Besides this, there are numerous projects started by European governments and major vendors operating in the market.

In 2023 and 2024, the European Union (EU) saw an increase in cybersecurity attacks, in both variety and number of incidents. The consequences of these attacks are also becoming more and more severe. Also, ongoing regional conflicts are shaping the European cyberattack landscape and upcoming European elections are further amplifying cyberthreats. The adoption of technologies such as AI, machine learning (ML), and blockchain ensures interesting opportunities for market growth.

Increasing demand for cybersecurity products and services

In 2025, the European cybersecurity market will probably reach €67 billion. This is an increase of 12.4% compared to the previous year. The market is expected to grow to  €172 billion by 2033. This means a compound annual growth rate (CAGR) of 12.4%. Demand for cybersecurity is growing, driven by the rising frequency and cleverness of cyberattacks across the region. According to ENISA, between July 2023 and June 2024 the EU experienced 11,079 reported cyber incidents.

The most common threat type was DoS, DDoS and RDoS, making up 46% of all cases. This was followed by ransomware attacks (27%) and data-related threats (16%). The most frequently targeted sectors included public administration (19%), transport (11%), banking and finance (9%), business services (8%), digital infrastructure (8%) and the general public (8%). These figures highlight the urgent need for strengthened cyber defences across both the public and private sector in Europe.

For the long term (2030), there are several emerging cybersecurity threats in the EU that are expected to have an impact. Below is the top-5:

• Supply chain compromise of software dependencies;
• Skills shortage;
• Human error and exploited legacy systems within cyber-physical ecosystems;
• Exploitation of unpatched and out-of-date systems within the overwhelmed cross-sector tech ecosystem;
• Rise of digital surveillance authoritarianism/loss of privacy.

Another key factor in the growing demand for cybersecurity in Europe is the introduction of new European regulations and directives, such as the Cyber Resilience Act (CRA), NIS2 Directive and Digital Operational Resilience Act (DORA). Although these regulations are meant to strengthen overall cybersecurity across the EU, they are also catalysts for market expansion. Their implementation will demand scaling across multiple areas of cybersecurity. This will create opportunities for growth within the sector.

Cybersecurity professionals: Skills shortage and hiring challenges

In 2024, the EU faced an estimated shortage of 299,000 cybersecurity professionals, an increase of 9% compared to 2023. The shortage is expected to keep growing. Companies in Europe need to scale up their cybersecurity teams to meet new EU regulations like the NIS2 Directive, the CRA and DORA.

According to a 2024 Eurobarometer survey on cybersecurity, over half of the companies looking for cybersecurity professionals found it difficult to find the right candidates. Their main challenges were finding qualified candidates and a lack of applicants.

Source: Eurobarometer, 2024

The most important cybersecurity role in EU companies is chief security/information officer. This is followed by security training experts, incident response handlers, and emergency and crisis management experts.

Source: Eurobarometer, 2024

Looking at cybersecurity skills, carrying out working-life practices of data protection and privacy issues is seen as the most important.

Source: Eurobarometer, 2024

To fill the gap, companies in Europe try to hire cybersecurity specialists from abroad. For service providers from developing countries, both cybersecurity services and solutions provide opportunities. However, both market segments come with challenges around trust and compliance.

In the long term, the EU will have to deal shortages in the ICT sector. The Cedefop labour and skills shortage index highlights future workforce challenges, using a scale from 1 (no shortage) to 4 (intense shortage). For ICT professionals, the index shows a demand shortage level of 4. This means there is an intense shortage.

Cost reduction

Using advanced cybersecurity solutions is expensive. The cybersecurity budget for a mid-size European company (with less than 250 employees or a turnover up to €50 million) might be up to €500,000. This is why cost reduction remains an important reason for European companies to outsource cybersecurity to providers abroad. Specialists in developing countries normally cost less per hour than those in Europe. The lack of the right skilled staff in Europe increases the cost of the available specialists. This is an advantage for outsourcing companies in developing countries.

Cost savings are not the only reason for outsourcing. Growing skill shortage and rising regulatory compliance pressures are driving the demand for third-party providers as well. This could make nearshoring and offshoring more attractive. Be aware, however, that if your offer is ‘too cheap’, European buyers may assume that it is too good to be true and that your quality is low.

Nearshoring countries want to keep their prices competitive

Prices in nearshore countries are rising. This makes service providers in these countries less competitive than offshore service providers. Some nearshore countries also face skill shortages. This means that, if providers based in Central and Eastern Europe (CEE) work with you, they could keep the price low and fill their skill gap. This can offer you opportunities.

When outsourcing abroad, European companies prefer providers in nearshore locations because of proximity, language, cultural similarities, and the minimal time difference.

Traditionally, the buyer markets for cybersecurity are Western and Northern European countries. The most popular nearshoring locations for companies in these countries are CEE countries. EU countries are particularly attractive, as contracts and payments are governed and protected by the same legislation as in the buyer countries.

3. Which European countries offer the most opportunities for cybersecurity products and services?

The most promising European markets for cybersecurity products and services are the UK, Germany, France, the Netherlands, Sweden and Poland. There are various factors you can think about if you are looking for European countries with the most opportunities for cybersecurity products and services, such as:

• Market size and growth rate of the cybersecurity sector;
• Shortage of cybersecurity professionals;
• High digital maturity;
• Strong regulatory pressure on cybersecurity;
• Government investment in national cyber strategies;
• Large concentration of enterprises and critical infrastructure;
• Openness to offshore outsourcing.

Figure 5: Selected promising European markets for cybersecurity products and services

Source: Globally Cool

The UK, Germany and France are the largest markets for cybersecurity in Europe. The UK and Germany are the most targeted countries for cyberattacks, at 25% and 18%, respectively, of all incidents in Europe.

The Netherlands and Sweden are smaller but interesting markets. The Netherlands is known as Europe’s cybersecurity hub. Sweden has a high digital maturity, a big increase in cyberattacks, and a strong demand for cybersecurity professionals. Poland is a small market, but it is expected to show the highest growth in the next 5 years (+7.4%).

Table 1: Market size and growth rate of the selected European cybersecurity markets

Source: Statista statistics on cybersecurity for the UK, Germany, France, the Netherlands, Sweden and Poland

United Kingdom: Europe’s biggest cybersecurity market

The United Kingdom (UK) is the largest cybersecurity market in Europe, with a total revenue estimated at €10.36 billion in 2025. This market is expected to grow at a CAGR (compound average growth rate) of 6.3% in 2025-2030. Cybersecurity solutions are in high demand in the UK, driven by a rise in cyber threats and government efforts to enhance national digital security.

In 2024, the UK had around 2,165 cybersecurity companies, up from 2,091 in 2023. The sector is dominated by micro enterprises (56%), followed by small (18%) and medium-sized (16%) firms. Most are based in London and the South East region. There are around 67,300 full-time equivalents (FTEs) working in cybersecurity-related jobs, an 11% increase from the previous year.

Many companies in the sector (68%) are dedicated cybersecurity providers. This means they focus only on delivering cybersecurity products or services. Among all firms, 59% offer cybersecurity services, 26% provide cybersecurity products, and 12% operate as Managed Security Service Providers (MSSPs). The most commonly offered solutions include cyber professional services, information risk assessment and management, and network security.

Source: Perspective Economics

In the UK, cybersecurity outsourcing is most common in the public sector. 61% outsource at least one element. Among UK companies, 38% outsource cybersecurity tasks. Below is a breakdown of the most commonly outsourced functions by UK organisations.

Table 2: Top-5 cybersecurity functions outsourced by UK organisations

Source: UK Government, Department for Science, Innovation & Technology, 2024

In the UK cyber sector, only 26% of companies report that there are technical skill gaps among current employees. But this figure rises to 47% when assessing job applicants. The main skill shortages are found in the following technical areas:

• Digital forensics;
• Secure system development;
• Cryptography and communication security;
• Security testing;
• Secure system architecture and design;
• Incident response;
• Cyber threat intelligence.

Of all European markets, the UK is the most open to offshore outsourcing and the least cautious about doing business with developing countries. This openness is due to the nation’s cost-saving business culture and historical ties to many countries across the globe.

Germany: Europe’s largest economy

Germany is Europe’s biggest economy. With a population of over 84 million, it makes up 19% of the EU’s total population. German companies are steadily investing more in advanced threat detection and prevention technologies. In 2025, the country’s cybersecurity market will probably generate €6.87 billion in revenue, making it the second-largest cybersecurity market in Europe. Between 2025 and 2030, the market is expected to grow at a CAGR of 5.5%.

The country’s main industries include the automotive, electrical, and chemical sectors. These rely on software more and more to optimise production, improve products, and remain competitive. If we look specifically at cybersecurity, the sectors that offer the most opportunities include energy and critical infrastructure, fintech, SMEs (cross-sector), and manufacturing and industry 4.0. Industry 4.0 refers to smart manufacturing. This means that companies integrate new technologies like AI, cloud computing and Internet of Things (IoT) into their operations.

Also, the German government is investing in internet security solutions to secure its high volume of confidential data and information. However, the market is nearing saturation, and there is strong competition from both local and foreign companies.

Although its size makes Germany an interesting market, companies are less open to offshore outsourcing than in countries like the UK and the Netherlands. However, as German businesses continue to face skills shortages and become more experienced in offshoring, their attitude towards it is improving.

There could be some language barriers when providing outsourcing services to Germany. This is because companies generally prefer to work and collaborate in German. Generally, you need an intermediary in Germany to communicate with existing or potential clients for you.

When offering your cybersecurity products and services to German businesses, having knowledge about BSI IT-Grundschutz, KRITIS and ISO 27001 is recommended. Having a strong track record with EU-based clients under the General Data Protection Regulation (GDPR) is also very valuable. Experience in securing Operational Technology (OT) and Industrial Control Systems (ICS) is an advantage too, especially in industrial and critical infrastructure sectors.

The Netherlands: cybersecurity hub in Europe

The Netherlands is an important IT hotspot. Over half of Fortune 500 companies maintain IT operations in the Netherlands. The Netherlands is also an important cybersecurity hub in Europe. Europe’s largest security cluster – The Hague Security Delta (HSD) – is based in the Netherlands. It is a cluster of over 300 companies, governmental organisations and knowledge institutions that work together on innovative cybersecurity solutions.

Other important organisations in the Netherlands are Europol’s European Cybercrime Centre (EC3) and the Global Forum on Cyber Expertise (GFCE). GFCE is an international platform dedicated to improving cyber capacity and expertise worldwide. It brings together more than 250 members and partners from across the globe. The National Cyber Security Centre (NCSC) oversees digital security in the Netherlands.

In 2025, the Dutch cybersecurity market reached a revenue of €2.64 billion. The revenue is expected to increase with a CAGR of 5.5% in 2025-2030, reaching €3.44 billion by 2030. The Netherlands is becoming a global leader in cybersecurity. The growth is driven by a strong legal framework and its innovative startup landscape.

The country is facing growing digital threats, and cyberattacks are getting more diverse and complex. The main digital threats Dutch companies faced in 2024 include:

• Ransomware attacks (121 attacks in 2024): most companies that suffered from a ransomware attack did not have basic security;
• Supply chain attacks: this includes attacks on suppliers and software vendors. These attacks are complex and have a big impact on the supply chain;
• Vulnerabilities in commonly used software: cybercriminals take advantage of vulnerabilities in widely used systems like operating systems or software applications to infiltrate corporate networks.

There is a shortage of experienced cybersecurity professionals, including developers, ethical hackers and forensic investigators. Salaries are rising rapidly as well. This makes it more and more difficult for end users to manage cybersecurity in-house. The result is that more companies are outsourcing their cybersecurity needs to specialised companies and IT service providers.

There is also growing demand for integrated services, including IT services. This is why Managed Service Providers (MSPs) are buying cybersecurity companies or forming partnerships to offer these combined solutions.

The sectors with the most cybersecurity opportunities in the Netherlands include logistics and maritime, fintech and SMEs (cross-sector).

France: Growth in cybersecurity startups and AI integration 

The French cybersecurity market reached revenues of €5.23 billion in 2025. The market is expected to grow to a total revenue of €6.7 billion in 2030, at a CAGR of 5.1%. Growth is driven by government support and investment, and an increase in cybersecurity startups. Île-de-France is the main hotspot for cyber innovation. Other evolving regions for cybersecurity are Brittany and Hauts-de-France.

The French Cybersecurity Innovation Radar shows that the French cybersecurity ecosystem continues to grow. There are 180 cybersecurity startup companies and 46 scale-ups. An important driver for the market is AI. 53% of the startups have incorporated AI into their businesses. Some startups have included AI at their core, offering cutting-edge solutions in AI security. Other companies either redesigned their products with AI to automate and speed up their cybersecurity actions or use AI to simplify product use (like assisting users with chatbots).

The same study highlights the need to show credibility and resilience, which are key components of a successful growth strategy. In France, certifications or patents help establish credibility. Examples of certifications obtained by French companies are ISO 27001, Certification de Sécurité de Premier Niveau (CPSN), SOC 2 (Type 1 or 2) and France Cybersecurity. Although half of the French scale-ups hold at least one cybersecurity certification, only 15% of startups have achieved the same.

Some cybersecurity French companies are Cybedefend, Cybi, Hackuity, Sesame it and Dattak.

France’s cybersecurity ecosystem is supported and coordinated by a number of organisations and associations, like:

• ANSSI: the French Cybersecurity Agency;
• Campus Cyber: a cybersecurity campus that brings together national and international actors in the field of cybersecurity;
• Hexatrust: an association that brings together French and European companies active in cybersecurity, cloud confidence and the digital workplace;
• Clusif: an association for cybersecurity and digital trust in France.

When serving the French market, you should have French-speaking team members in your organisation, because French is the preferred business language. This is especially true for SMEs and the public sector. Larger companies and startups might use English, but this is not always the case.

The sectors with the most cybersecurity opportunities are healthcare, the public sector, retail and e-commerce, industrial and energy, and fintech, finance and insurance.

Sweden: Strong demand for cybersecurity professionals in the coming years

Sweden's cybersecurity market is growing. Revenues are expected to climb from €1.32 billion in 2025 to €1.72 in 2030. This is a CAGR of 5.3%, driven by the country’s strong focus on innovation and its dedication to protecting critical infrastructure. Rising geopolitical tensions have intensified Sweden’s focus on cyber defence even more.

In 2024, 53% of Swedish companies found it difficult to fill vacancies for ICT specialists. According to Tech Sverige, 8 out of 10 member companies are finding it challenging to attract the right talent. This also goes for IT security specialists. Tech Sverige estimates an expected need for about 40,000 specialists in the tech industry for 2024-2028.

The skills that are expected to show the strongest demand include:

• AI science and data science;
• IT security;
• System and other architecture;
• Information security.

80% of tech companies expect the demand for IT security skills to grow by at least 5%. In 71% of the cases, they expect a similar increase for information security. Tech Sverige estimates that there are around 2,035 information and IT security experts working in the tech sector. But in the next 3-5 years 805 more experts are needed – an increase of 40%. The most in-demand IT security skills include expertise in intrusion detection and prevention, followed by database security and wireless security expertise.

Factors that increase the need for cybersecurity professionals in Sweden include:

• Digitalisation: businesses increasingly adopt digital technologies; 
• Regulatory requirements: new national and EU-level cybersecurity regulations create more demand for specialised skills;
• Rising cyber threats: there has been a strong increase in cyberattacks. Ransomware has been a great threat in recent years. 

Because of the skills gap, Swedish companies are more often turning to international talent. Cost levels are often highly important in selecting partners, creating opportunities for developing countries. For 2024-2029, the Swedish outsourcing market is expected to achieve a CAGR of 8.6%. In cybersecurity, make sure to focus on offering advanced security solutions, including threat detection and incident response.

One of Sweden's most important technology events is the Stockholm Tech show. It shows a wide range of innovations across sectors like AI, big data, data centres and cybersecurity. One highlight is the Cloud & Cyber Security Expo. CyberSec Nordic is another major event dedicated specifically to cybersecurity.

Poland: May need offshore partners to keep up with demand

Within Central and Eastern Europe (CEE), Poland is a major player in the software development industry. Poland’s strong IT infrastructure and supportive government policies create an attractive business environment. The country attracts a lot of foreign investments. Global companies have invested billions of dollars in the Polish Digital Valley, new data centres and expansions to Polish offices. The main IT hubs in Poland are Warsaw, Krakow, Wroclaw, the Tri-City region, Poznan and Katowice.

The Polish cybersecurity market reached a revenue of €794.50 million in 2025. For 2025-2030, the CAGR is estimated at 7.4%. Although the Polish cybersecurity market is smaller than the other potential European markets, it shows the strongest CAGR in the prediction. Growth is driven by rising cyber threats and a growing demand for solid cybersecurity measures. Because of an increase in cyber threats targeting the tech industry, there is a high demand for cybersecurity professionals.

To meet the demand from its flourishing software industry, Poland may increasingly need to turn to offshore partners. As the country has the highest hourly rates for developers in CEE, Polish software companies can actually save quite some costs by outsourcing some development tasks or projects to you.

4. Which trends offer opportunities or pose threats in the European cybersecurity products and services market?

Currently, important trends in the European cybersecurity market are digital transformation, IoT, AI and strong authentication methods.

Securing digital transformation: key EU priority

Digital transformation refers to the use of new, fast, and frequently changing digital technology to solve problems. Non-digital or manual processes are digitalised, and existing digital processes are modified and improved to keep up with new needs and possibilities. Digital transformation is also known as DT or DX.

Digital transformation is a key priority for the EU. With the policy programme Europe’s Digital Decade, the EU sets concrete targets and objectives for the long term in areas like:

• Digital transformation of businesses. For example, 75% of the EU companies should use cloud computing services, AI or big data by 2030;
• Digitalisation of public services. For example, by 2030 100% of EU citizens should have access to secure electronic identification (eID) means;
• Skills. For example, at least 20 million ICT specialists should be employed in the EU by 2030;
• Secure and sustainable digital infrastructures. For example, all populated areas should have access to next-generation wireless, high-speed networks (at least as fast as 5G) by 2030.

Cybersecurity plays an important role in Europe’s Digital Decade. For example, in 2030 all EU citizens should have access to e-health. At the same time, the healthcare sector is one of the most targeted by cyber and ransomware attacks.

Also, EU funding programmes speed up the digital transformation trend. The Digital Europe Programme (DIGITAL) has a budget of over €8.1 billion, focused on bringing digital technology to businesses, citizens and public administrations. DIGITAL also provides strategic funding in cybersecurity. Rising geopolitical tensions have shown the vulnerabilities in the EU’s digital supply chains and the importance of investing in cybersecurity.

Through several EU programmes – DIGITAL and the Horizon Europe Programme – the EU wants to support SMEs and public administrations in implementing cybersecurity solutions in the coming years.  In June 2025, the EU announced plans to allocate €145.5 million to empower European cybersecurity and launched 2 calls for proposals:

• The first call, part of DIGITAL, wants to strengthen the cybersecurity of hospitals and healthcare providers. It focuses on threat detection, monitoring and ransomware response.
• The second call, part of the Horizon Europe Programme, wants to support the development and application of generative AI in cybersecurity, along with advanced tools for operational cybersecurity, privacy-enhancing technologies and post-quantum cryptography.

IoT devices can pose security risks

The Internet of Things (IoT) consists of everyday physical devices that are equipped with sensors, internet connectivity and software. They can collect, send and receive data. IoT devices can be anything from smart home appliances to vehicles, industrial machinery and smartwatches. Such devices are increasingly embedded in our day-to-day lives.

The purpose of consumer IoT devices is generally to improve consumers’ daily lives. This is done by, for example, making their lives safer, healthier, or simply more enjoyable. Industrial IoT devices (IIoT) are non-consumer devices, used by organisations to enhance their operations. The purpose of IIoT devices is to allow for increased productivity, efficiency, and safety, while decreasing waste.

As the IoT market is booming, so is the need for cybersecurity solutions that protect all these connected devices and the information they transfer. According to Statista, the European IoT market was expected to reach a revenue of €172.6 billion by 2025. For 2025-2029, the market is expected to achieve a CAGR of 9.6%, reaching a total volume of €249.3 billion. Growth is driven by the growing use of IoT technologies across a wide range of industries in Europe.

IoT is applied in many sectors like healthcare, retail, agriculture, energy and manufacturing. Within the European IoT market, the Industrial IoT (IIoT) segment is leading. There is an especially strong presence of the automotive industry. In Germany, the IoT market is growing fast thanks to a strong push for industrial automation and the rise of Industry 4.0 technologies. Overall in Europe, the expected market volume of IIoT was €44.5 billion for 2025.

In the long term, IIoT is expected to remain the biggest IoT segment by value (€81.1 billion in 2030). IIoT is also expected to be the fastest-growing segment for 2025-2030 (CAGR of 11.8%). The automotive industry and consumer IoT will be the second and third-largest segments. Consumer IoT is expected to grow at a faster pace than the automotive sector. Although it is a smaller segment today, smart cities are expected to gain in importance, showing a strong growth rate of 10.1% in the same period.

Besides information security, another security concern in IoT is that hackers can use these connected devices in DDoS attacks, malware, and phishing threats. Furthermore, the increase in IoT regulations in most European countries propels the growth of the market for IoT security.

AI: threat and opportunity in cybersecurity

Generative-AI tools are lowering the barrier for cyberattackers. At the same time, AI is becoming essential for detection, response and threat-hunting. This is why AI can be seen as a threat but also as an opportunity in the cybersecurity sector.

The use of AI by cybercriminals is a growing threat. According to Europol, cybercriminals increasingly use AI models in their criminal business. This leads to more complex and scalable cyberattacks. AI is used for various criminal activities, like:

• Attack automation;
• Social engineering;
• Bypassing security measures;
• AI-enabled attacks like the creation of deepfakes, synthetic media and false identities;
• Slopsquatting: using AI code assistant errors to place malware into the software supply chain.

In the short term, AI will result in a new level of danger to traditional attacks, which will be harder to detect. AI will also help attackers reach a larger attack surface. This will lead to extra risk exposure. According to McKinsey’s 2024 Cyber Market Survey, in the next 3 years the following increases in risk exposure are expected:

• Traditional perimeter (like endpoints): +30%;
• Modern perimeter (like applications and identities): +10%;
• Expanding perimeter: Cloud/workload +7% and IoT devices +10%.

At the same time, more European companies are starting to use AI. The European market for AI is expected to reach a value of €98.4 billion in 2025. In the long term, the market is predicted to grow at a CAGR of 35.2% (for 2025-2031). Driving factors are the growing use of digital technologies, awareness of the potential of AI, and the convenience offered by online services.

This creates opportunities for cybersecurity companies to offer products and services that secure AI systems. Taking the UK as an example, there are 66 firms in the UK that offer cybersecurity for AI systems. A few of them operate in an upcoming niche market, only offering security for AI. Most of these companies offer security for AI systems and explore the use of AI to enhance existing cybersecurity capabilities. The main product and service areas these companies focus on include:

• AI model security and protection;
• Large Language Model (LLM) and generative AI security;
• AI infrastructure security;
• AI-enhanced security operations;
• AI threat detection and response.

Cybersecurity companies offering security for AI systems include Mindgard and Advai.

Need for strong authentication methods

A growing number of European companies require strong authentication functionalities. They need these to confirm that their employees access their internal networks or applications. To prevent threats of password-based authentication, companies are moving towards layers of multifactor authentication. These layers can be hardware and software tokens, a device authentication step, or biometric verification.

A study conducted by Okta (based on data from Okta Workforce Identity Cloud) shows that the user adoption rate of MFA was 68% in the EMEA in 2024. In the next years, they expect that MFA adoption will be driven by a demand for better user experience and higher security assurance.

Although passwords dominate the market today, Okra sees an increase in passwordless authentication. In the long term, passwordless authentication is expected to become the norm rather than the exception. This change has already started with the rise of biometric authentication, behavioural biometrics and context-aware authentication. MFA is bridging the transition by adding extra verification methods to passwords. By 2030, this may grow into continuous authentication.

Implementing such authentication techniques reduces the risk of cyber threats. It also encourages users to adopt effective cybersecurity solutions. An example of this is a leading access management company, CyberArk. The company offers, among others, Identity Access Management (IAM) solutions, including adaptive multifactor authentication. It makes it possible for remote users to securely access critical systems managed by CyberArk from any device.

Globally Cool carried out this study in partnership with Laszlo Klucs on behalf of CBI.

Please review our market information disclaimer.