Cybersecurity is Entering a Phase in Which Things Will Get Harder Before they Get Better

Dražen Tomić / Tomich Productions

Cybersecurity is no longer a topic companies need to be convinced about, but a field in which the market increasingly feels the shortage of experienced experts, the rise of attacks, and the need for a more comprehensive approach to protection, says Hrvoje Englman, Head of Information Security at Span. In his view, the problem is not only that there are not enough people, but also what kind of people the market actually needs. “There is a strong need for the very best experts, while the demand for juniors is not particularly high,” Englman says.

This structure of demand puts pressure on the entire labour market. Entry-level roles in cybersecurity often involve the most demanding operational work, especially at Level 1, where newcomers need to endure the first year or two before they are even close to becoming experts. “Experts are built over years, and we do not have that time,” Englman points out. He adds that many of the most experienced Croatian specialists are already working for foreign employers because conditions and salaries are better abroad.

In this gap between growing threats and the limited number of specialists, artificial intelligence will play an increasingly important role. Englman warns that attackers will be the first to use it more aggressively, which means the security situation may deteriorate before defensive systems catch up. “Attackers will start using it first, and things will get worse,” he says. But the same mechanisms of scale and speed will eventually become important for defence as well. “We will need some time to catch up,” he adds.

In his view, artificial intelligence can help new generations of cybersecurity professionals acquire knowledge and operational patterns faster. Young people today learn more quickly, have more tools available, and have access to more sources of knowledge, but expectations placed on them are also much higher than before. Englman believes that a combination of new technologies, mentoring, and young talent can gradually narrow the gap. “I believe we will catch up, but before we get there, it will be worse for a while,” he says.

When discussing customer maturity, Englman believes the market has moved beyond the stage in which it was necessary to explain why cybersecurity matters at all. “Today, everyone knows they are potential targets, and they are ready to do something about it,” he says. That is a positive shift, but it does not mean customers always know what they need. Smaller buyers in particular often look for limited, partial solutions without a clear understanding of how security should be implemented as a whole.

As a result, the market sees many small projects and initiatives that do not form a complete protection system. “They would like a little bit of cyber by the kilo,” Englman says, describing an approach in which companies try to buy a fragment of security without making a deeper change in processes, organisation, and technology. Such a model, he warns, cannot solve the problem in the long run. The market still needs to learn how cybersecurity is built comprehensively, rather than as a series of separate technical add-ons.

The shift to remote work several years ago showed how quickly vulnerabilities can become a mass problem. When companies opened themselves to the internet, a wave of attacks followed, and many organisations were hit by ransomware. In many cases, companies understood what they should have done only after the incident. “Companies often realise what needs to be done only after such an attack,” Englman says.

In the next phase, that pressure will become even stronger. Automation and new tools will allow attackers to find and exploit weaknesses faster, leaving less room for postponing investment in protection. “There simply will not be a vulnerability that will not be exploited,” Englman warns. Those who fail to adapt in time may end up rebuilding their security only after a serious incident, when the question is no longer how much protection costs, but how to rebuild the system properly. His conclusion is clear: the situation will improve, but only after a period in which pressure on companies, experts, and security systems becomes even greater.