%20(1200%20x%20675%20px).png)
Portugal is at a digital crossroads. As we accelerate toward a fully connected future, our SMEs (the backbone of our economy) and our Public Sector institutions (the guardians of our citizen data and most of our critical infrastructure), are facing a new reality. Cyberattacks are no longer abstract threats targeting distant and large corporations. They are here, they are frequent, and they are targeting increasingly both SMEs and PSIs.
The numbers and their impact are clear:
- according to Microsoft Digital Defence Report 2025, Portugal is the 12th European country more affected by cyber attacks
- 54% of the Portuguese SMEs have suffered at least one cyberattack in the last 12 months
- A major cyber attack on the AMA infrastructure led to temporary shutdown/disruption of public digital services, preventing access to critical e government services and authentication system, a core national identity layer.
Two main challenges must guide our strategy moving forward:
1. First and foremost, the Human Factor. We, in Portugal and across Europe, suffer from a serious, and growing, cyber-workforce shortage. ENISA’s 2024 “State of CyberSecurity in the Union" report is clear in its assessment that the skills gap is a structural weakness in EU cybersecurity capacity.
A recent Mastercard report release in 2025 indicates that 49% of Portuguese business owners say they lack the skills to defend against cyberattacks and 79% say they need training in cybersecurity. Something needs to be done.
2. The rise of "Cybercrime as a Service Economy". Cybercrime has been democratized. Criminals can now buy sophisticated ransomware and phishing kits on the dark web. This means no organization is too small to be targeted. Hospitals, municipal services, and government agencies are "preferred targets" for ransomware groups. Because they hold the most sensitive data, and the urgency to restore public services makes them more likely to pay.
In 80% of global cyber incidents, the primary goal is data theft, often for profit via extortion.
We, at Lusófona University, are addressing the first challenge directly via our academic offerings, from Bachelor to Master studies. From Postgraduate courses to European level Joint Masters. One of the market’s key demands is the development and management of secure systems since half of cybersecurity professionals admit to making mistakes due to a lack of knowledge.
Our Bachelor’s degree in Computer Engineering includes a module entirely dedicated to Computer Security. Students complete the degree with a sound
understanding of the key concepts of cybersecurity and their practical application. On the Master’s in Computer Engineering and Information Systems, they expand and deepen this knowledge in subjects such as secure programming, the management and organisation of cybersecurity within organisations, and techniques for securely managing user identities. These courses produce highly qualified engineers capable of building robust computer systems that incorporate best practices to withstand cyberattacks.
However, there is a more specific need in the market for professionals highly specialised in cybersecurity, who can help companies identify and address their vulnerabilities. Lusófona University offers a Postgraduate Course in Applied Cybersecurity specifically designed to meet this need. In addition, we have very recently proposed to Portuguese Higher Education Accreditation body (www.a3es.pt) a Master’s degree and a Bachelor’s degree
entirely focused on cybersecurity. These two degree programmes are fully aligned with the recommendations of ENISA (ENISA European Cybersecurity Skills Framework (ECSF)) and NIST (National Initiative for Cybersecurity Education (NICE) Framework) and cover specific topics such as: cryptography, digital forensics, security threat analysis, risk management, regulatory compliance, incident response, risk analysis, information management and privacy, cloud security, cybersecurity operations centre management, penetration testing, ethical hacking, amongst many other specific areas.
We are keenly aware that curricula in this field must be constantly updated to keep pace with the extremely rapid developments taking place. There are certain fundamental topics, such as the principles of security, protection and cryptography, which form a foundation that students must have a solid grasp of. However, the ways in which attacks manifest themselves are constantly evolving, and course curricula must keep pace with these developments. The same applies to the technical solutions for dealing with attacks and vulnerabilities; they evolve rapidly and the programmes must reflect this evolution. It is necessary to have a solid foundation of knowledge, but also the flexibility required to update the curriculum in this game of cat and mouse involving new types of attacks launched by hackers and new defences to counter them.
Last but not least, reskilling (and the CYCERONE project offers multiple opportunities in this respect) in this area is inevitable because cybersecurity has a
cross-cutting impact on various departments within companies and organisations. This naturally includes IT teams responsible for network and infrastructure management, software development and maintenance, but it also involves all other areas of the organisation, particularly in terms of identifying requirements, classifying information, the company’s structure, and the security culture. Cybersecurity cannot be addressed simply by maintaining the organisation’s traditional way of working and adding a cybersecurity team. Organisations must change their working processes, with a particular focus on the IT department, but with ramifications extending far beyond that area. This means reskilling existing staff so that they can adapt their working methods. There will be a need to recruit specialist professionals for new cybersecurity roles, but many of these roles will be filled by people with strong prior experience who have specialised in cybersecurity through these courses.
Want to stay informed about the latest in cybersecurity training ? Subscribe to our newsletter to receive updates on free training opportunities, expert insights, and the latest trends in cybersecurity. Don’t miss out on the chance to upskill your team and stay ahead in the digital age!
