top of page

6 Key Success Factors to run Effective National Cybersecurity Competitions

The new report identifies the success factors of cybersecurity competitions and provides preliminary insights and a discussion platform for a common European Cybersecurity Challenge (ECSC) Roadmap.

The success of cybersecurity competitions: why does it matter?

In light of today’s cybersecurity threats, the global cybersecurity workforce would need to grow by 89% for organisations to defend their critical information and communications technology (ICT) assets effectively.

In order to address this critical situation, national governments started to implement a number of programmes and policies to increase the number of professionals available on the labour market.

National cybersecurity competitions (NCSCs) such as capture-the-flag (CTF) events gathering teams of students have been some of the most widespread tools used to address the shortage.

Besides, several national cybersecurity competitions now take place worldwide including in Asian, English-speaking and European countries.

The European Union’s competition is the European Cybersecurity Challenge (ECSC). The pan-European event is organised once a year by the European Union Agency for Cybersecurity (ENISA). The objective of the competition is to improve and increase cybersecurity talent in Europe and connect high potential individuals with industry-leading organisations. This high level objective may be ‘transposed’ to a number of sub-objectives, such as:

  • identify young cybersecurity talent;

  • increase interest in cybersecurity as a topic;

  • increase cybersecurity knowledge and skills;

  • increase interest in a cybersecurity career and connect participants with employers;

  • create a network of young cybersecurity specialists.

ECSC stakeholders are therefore very keen to deepen their understanding of the key elements on which a national cybersecurity competition success is built on.

How to increase the impact of cybersecurity competitions: the 6 success factors

The new ENISA Report - Towards a Common ECSC roadmap identifies 6 main factors, namely:

  • policy relevance;

  • governance and public–private partnership;

  • funding;

  • public relations and marketing strategy;

  • organisation, training and cybersecurity challenges;

  • connection to employers and career outcomes.

What are the recommendations?

A number of recommendations are issued for each of the 6 success factors identified.

To meet the ECSC’s objectives, a strong foundation is needed. This foundation means developing a systemic learning environment designed to encourage and attract the young into cybersecurity. This could take the form of targeted events or challenges locally organised to spread cybersecurity knowledge geographically and help create small clusters of cybersecurity hubs regionally for instance.

As secondary, high school and university students will move up the scale of the education system, this community of cyber-minded young men and women will continue to gather around national or European events and challenges to finally expand the number of professionals in the field. The common roadmap should therefore include three phases at national level to target different age groups accordingly.

Besides, policies should be made relevant to a broader audience. Establishing a close cooperation among schools, universities and the public and private sectors to facilitate the dissemination of information could be envisaged as a solution.

A funding strategy should be devised. For instance, supporting a model where costs are shared among key actors such as governments together with the private sector could provide more financial stability over time.

The creation of a joint working group is also recommended to support the organisation of cybersecurity competitions. This working group would include participants from the Member States and would be in charge of defining standards, providing assistance, creating a central repository of challenges, and coordinating with the different stakeholders.

What can ENISA do?

The European Union Agency for Cybersecurity can help national competitions obtain the support of national public authorities by leveraging the Agency’s network of national contact points and policymakers.

In this respect, ENISA is already providing its support to Member States as described above. At the same time, ENISA can also help with the dissemination of national competitions. Public affairs activities could be further coordinated with the other activities of the Agency in the field.

Who is this report for?

  • the organisers of the national cybersecurity competitions who select the team that will attend the ECSC;

  • the EU institutions involved in the organisation and planning of the ECSC, most notably ENISA and the European Commission;

  • the stakeholders that benefit from the success of national cybersecurity competitions, including academia, national governments and the private sector.


The European Cybersecurity Challenge is an annual competition, coordinated by the European Union Agency for cybersecurity. The event offers a platform for young cyber talent across Europe to gather and engage in networking over a unique opportunity to experience cooperation in trying to solve a cybersecurity problem.

The ECSC is intended to encourage young people to pursue a career in cybersecurity, by challenging and developing the participants’ skills needed in such extreme situations and connecting them with industry.

Source: European Union Agency for Cybersecurity


bottom of page