The global cybersecurity workforce gap has reached approximately 4.8 million unfilled positions, according to ISC2’s 2024 Cybersecurity Workforce Study — a 19.1% increase from 2023. The global cybersecurity workforce itself stands at 5.5 million, growing at just 0.1% year-over-year — essentially flat while demand accelerates. This is not a projected future shortage: organizations are operating with understaffed security teams today, and the consequences are measurable. Fortinet’s 2025 Skills Gap Report found that 86% of organizations experienced at least one cyber breach in 2024, with more than half reporting damages exceeding $1 million. IBM’s 2024 data attributes a $1.76 million increase in average breach costs directly to the skills gap.
ISC2’s newer 2025 study, published in December 2025, shifts the framing: 59% of respondents now report critical or significant skills shortages (up from 44% in 2024), and 48% feel exhausted trying to stay current on evolving threats and emerging technologies. The message is evolving from “we need more people” to “we need the right skills” — a distinction that matters for countries building their cyber workforce from scratch.
In Africa, the imbalance is particularly stark: fewer than 25,000 certified security professionals serve a continent of 1.4 billion people. Nigeria, South Africa, and Algeria are the top three targets for cyberattacks on the continent. The Middle East and Africa region did see 7.4% workforce growth in the ISC2 2024 study — the largest regional increase globally — but from a low base that remains far short of demand.
Algeria’s Threat Landscape: 70 Million Attacks
For Algeria, the urgency is driven by hard numbers. Algeria recorded over 70 million cyberattacks in 2024, ranking 17th globally among the most targeted countries according to Kaspersky. Over 13 million phishing attempts and nearly 750,000 malicious attachments were blocked. The country’s expanding digital infrastructure — government e-services, mobile payments, enterprise cloud migration — has widened the attack surface far faster than the workforce has grown.
Algeria’s cybersecurity market revenue stands at approximately $129.3 million in 2024, projected to reach $183.4 million by 2029 at a 7.24% compound annual growth rate. This is real money flowing into security solutions — but those solutions require people to operate, configure, and manage them.
Decree 26-07: Structural Demand by Law
A January 2026 presidential decree (No. 26-07, published January 21 in the Official Gazette) now legally requires every public institution, administration, and public body to establish a dedicated cybersecurity structure. The mandate is specific: the cybersecurity unit must be independent from IT operations, report directly to the entity’s top leader, and be responsible for security policy development, risk mapping, audits, continuous monitoring, incident reporting, and staff awareness training. Compliance with data protection legislation — particularly in coordination with the ANPDP (National Authority for Personal Data Protection) — is also required.
This regulation directly creates structured staffing demand across the entire Algerian public sector. Every ministry, university, hospital, public agency, and state-owned enterprise must now have at least one qualified cybersecurity professional — and more realistically, a small team.
The Data Protection Layer: Law 11-25
Layered on top of the cybersecurity decree, Algeria’s data protection framework has undergone a significant upgrade. Law 11-25, adopted by Parliament in July 2025, amends and supplements the original Law 18-07 (2018). The new law introduces:
- Mandatory Data Protection Officer (DPO) appointment for all data controllers — a role that did not formally exist in Algerian law before
- Data Protection Impact Assessments (DPIAs) for high-risk processing
- 5-day breach notification requirement to the ANPDP
- New definitions for biometric data, profiling, pseudonymisation, and data breaches
- Expanded ANPDP oversight powers and international data transfer rules
The ANPDP has been operational since August 2022 (members appointed May 2022), with the original law becoming fully applicable in August 2023. Law 11-25 brings Algeria closer to GDPR-level data protection — and creates a distinct compliance function requiring combined legal and technical expertise.
Advertisement
Algeria’s Institutional Response
Algeria is building the training infrastructure to match these legal mandates:
- National Higher School of Cybersecurity: Created by Presidential Decree No. 24-181, this dedicated institution at the Sidi Abdellah technology hub west of Algiers was inaugurated in September 2024 for the 2024-2025 academic year. Operating under the Ministry of Higher Education in coordination with the Information Systems Security Agency, it trains engineers and doctoral researchers in penetration testing, security operations, forensics, and AI-native detection.
- ENSIA (National School of Artificial Intelligence): Also at Sidi Abdellah, ENSIA provides the foundational AI, data science, and NLP pipeline from which cybersecurity specialists can emerge. Approximately 57,700 students are enrolled across 74 AI-related master’s programs in 52 Algerian universities, according to the New Lines Institute — a broad pipeline that feeds into security specialization.
- Algeria-Huawei Partnership: Beginning September 2026, Algerian students will receive certified vocational training in cloud computing, cybersecurity, and AI at three confirmed institutions: the National Specialized Institute for ICT in Rahmania, INSFP Bousmail, and the African Institute for Vocational Training in Boumerdes. Diplomas will be jointly issued by the Ministry of Vocational Training and Huawei.
- Algeria-South Korea Cybersecurity Forum: The 2nd Algerian-Korean Cybersecurity Forum, held in June 2025 in partnership with KOICA, focuses on operational capacity building and knowledge transfer — signaling growing international cooperation on cyber defense.
- Algerie Telecom Investment: In 2025, Algerie Telecom invested 1.5 billion DZD (approximately $11 million) to fund AI, cybersecurity, and robotics startups — creating an entrepreneurial pipeline alongside the academic one.
The Outsourcing Opportunity
Beyond domestic demand, Algeria is positioning itself as a cost-effective cybersecurity hub for European companies. Expert-level cybersecurity consultants in France command approximately 900 EUR per day (Paris/Ile-de-France rates). A qualified Algerian engineer with equivalent skills can offer comparable services for roughly 250 EUR per day — nearly 70% savings — with the added advantages of French fluency, compatible time zones (one hour difference), and growing technical infrastructure. A 2024 survey of Algerian developers found that 60% of those working for Algerian companies already have remote work options.
The Most In-Demand Roles Right Now
- SOC Analyst (Tier 1-3): Security operations and threat monitoring. Decree 26-07’s requirement for “continuous monitoring” and “incident reporting to competent authorities” makes this the most immediately needed function across public bodies.
- Penetration Tester / Ethical Hacker: High demand, premium salaries, requires hands-on lab practice and certifications such as CEH or OSCP.
- Cloud Security Specialist: As organizations migrate to AWS and Azure, securing cloud environments is a critical and growing gap. Fortinet reports that 57% of hiring managers struggle to find candidates with cybersecurity-AI experience — cloud security sits at this intersection.
- Data Protection Officer (DPO): Law 11-25 formally mandates this compliance function. Organizations need professionals who understand both the legal framework and the technical implementation of data protection controls, DPIAs, and breach response.
- GRC Analyst (Governance, Risk, Compliance): With both a cybersecurity mandate (Decree 26-07) and a data protection law (Law 11-25) requiring documented policies, risk assessments, and audit trails, GRC expertise is no longer optional.
Certifications That Open Doors
- CompTIA Security+ — Vendor-neutral foundation, widely recognized. Achievable in 3-4 months of dedicated study for beginners (2-3 hours per day). Fortinet’s 2025 report found that 89% of hiring managers prefer candidates with certifications. The best starting point.
- CEH (Certified Ethical Hacker) — Industry standard for penetration testing. Recognized by government and enterprise buyers across MENA.
- AWS Security Specialty or Microsoft SC-900 — Cloud security certifications increasingly required as infrastructure migrates to cloud environments.
- CISSP — Senior-level, requires 5 years of experience. The gold standard for security governance and management roles.
- ISO 27001 Lead Implementer — Directly relevant to the audit and policy requirements of Decree 26-07.
A note on training timelines: “six months to employment” claims are common but rarely verifiable — readiness depends on baseline skills, lab access, mentorship, and the specific role. Building a home lab with free platforms like TryHackMe or Hack The Box accelerates practical readiness significantly, and a portfolio of documented exercises matters more to employers than a certificate alone.
Quick Take: If you are a CS student choosing a specialization, cybersecurity offers the clearest employment path in 2026 — backed by Decree 26-07 requiring cybersecurity units in every public institution, Law 11-25 mandating DPOs, and a $129M domestic market growing at 7.2% annually. Start with CompTIA Security+ and build hands-on skills using free platforms before pursuing higher certifications. The institutional demand is now structural and legally enforced.
Frequently Asked Questions
How severe is the global cybersecurity skills shortage?
The global shortage reached 4.8 million unfilled positions according to ISC2 2024 data. Algeria has only a few hundred CISSP holders for 47 million people, and Decree 26-07 creates demand for thousands of new professionals across approximately 2,000 public institutions.
What can Algeria do to close its cybersecurity talent gap?
Algeria needs a multi-pronged approach: subsidized international certifications (CompTIA Security+, CEH), partnerships between universities and SOC operators for hands-on training, and competitive salary structures that reduce brain drain to European employers.
Which cybersecurity roles are most needed in Algeria right now?
SOC analysts top the list due to Decree 26-07 compliance requirements. Incident response specialists, cloud security engineers, and GRC (governance, risk, compliance) professionals are also in critical shortage across both public and private sectors.
Sources & Further Reading
- ISC2 — 2024 Cybersecurity Workforce Study
- ISC2 — 2025 Cybersecurity Workforce Study
- Fortinet — 2025 Cybersecurity Skills Gap Report
- ARPCE — Presidential Decree No. 26-07 (Cybersecurity Structures)
- CMS Expert Guide — Algeria Data Protection Law 11-25
- Ecofin Agency — Algeria Orders Cybersecurity Units Amid Surge in Cyberattacks
- TechAfrica News — Algeria Expands Vocational Training for Cybersecurity
- New Lines Institute — Why Algeria Is Positioned To Become North Africa’s AI Leader
- Systelium — Algeria as a Cybersecurity Hub
- Statista — Algeria Cybersecurity Market Revenue
