Cybersecurity sector in Portugal: 144 companies, 1,2300 employees

  • Lusa
  • 5 July 2022

According to data from the National Cybersecurity Centre, the country's cybersecurity sector had 144 companies, 1,300 workers and €130 million in turnover in 2019.

Portugal’s cybersecurity sector had 144 companies, 1,300 workers and €130 million in turnover in 2019, according to data from a report by the National Cybersecurity Centre published on Monday.

In the report, which focuses on the economic part of the sector, the authors concluded that “the cybersecurity sector in Portugal, made up of companies whose turnover largely comes from this activity, involves 144 companies, employing approximately 1,300 workers and invoicing around €130 million”.

Still, the study warns that, because these companies do not have a specific CAE (Portuguese Classification of Economic Activities), the size of the sector may be much larger.

According to the report, “in 2020, the total number of ICT [Information and Communication Technologies] specialists employed in Portugal exceeded 190,000”, while “between 2015 and 2020, the supply of ICT specialists in the country increased by more than 57,000 workers”.

This growth, according to the report, “allowed to reinforce the proportion of specialists in this area in total employment (from 3% to 4%) and approach the European Union average (4.3%)”, stressing that, “in the last five years, a slight ageing of these professionals has been seen, in line with what happens in other European countries”.

The study also concluded that “almost six in every ten professionals earn between €20,000 and €50,000 a year (31% between €20,000 and €35.000, and 27% between €35,000 and €50,000)” and that around “three in every ten receive more than €50,000”, while “the remaining 13% earn less than €20,000”.

In recent years, the remuneration of cybersecurity professionals has risen, according to the document, and “the average remuneration in the sector is higher than the national average for the same level of qualifications”.

The report also reports on a survey of small and medium-sized enterprises, which concludes that “more than a third of Portuguese SMEs devote less than €3,000 annually to cybersecurity, a third more than €3,000 and the rest do not know (or do not answer) how much they allocate to this area”, adding that “one in ten companies has a cybersecurity budget of more than €15,000 annually”.

Furthermore, “half of the companies outsource cybersecurity-related tasks, while approximately one third performs them internally”, with the majority of Portuguese SMEs (70%) having “only one full-time employee dedicated to cybersecurity functions”.

The report also concluded that “for almost half of the companies the main barrier to the implementation of measures to improve the levels of cybersecurity is their cost”, revealing that “almost a quarter of the Portuguese SMEs have been the target of a cyber-attack” and considering that this is a “growing trend”.

The most frequent incidents for SMEs “are Spam (77.4%), Phishing/Smishing (59.4%), Ransomware (51.6%) and malicious software on devices (49.7%)”, with “login attempts by third parties (28.4%), exploitation of vulnerabilities (22.6%), social engineering of members of the organisation (16.8%) and scanning of company systems (16.8%)”, the document said.