DataCentreNews UK - Specialist news for cloud & data centre decision-makers
United Kingdom
Cybersecurity compliance specialist reviewing risk reports
#
Data Protection
#
VPNs
#
DevOps

AI drives demand for cybersecurity compliance experts

Wed, 29th Apr 2026 (Today)
Author image
By Sean Mitchell, Publisher

Artificial intelligence is driving rising demand for governance, regulation and compliance experts, according to Malt. The trend emerged in cybersecurity work across its freelancer marketplace.

Research from the freelance management platform found that more than half of cybersecurity projects listed on its network relate to governance, regulation and compliance, or GRC. The analysis was based on keyword searches and project briefs from more than 1,000,000 registered freelancers and over 90,000 companies across the European Union, the United Kingdom and the Middle East.

The data suggests businesses are investing more in cybersecurity governance frameworks and risk assessment programmes as they respond to tighter rules and evolving cyber threats. GRC is now the most sought-after skillset across cybersecurity projects.

Regulatory shift

The study identified AI adoption as a central factor behind that shift. As companies expand their use of AI tools and systems, they are also facing new obligations under emerging legislation, while existing security and privacy frameworks continue to apply.

That has widened the scope of work for compliance specialists. The findings suggest organisations increasingly need people who can work across multiple regulatory and security domains rather than within a single framework.

Irène Kleiber, head of cybersecurity at Malt, said the change is reshaping the discipline itself.

"The rise of AI is fundamentally reshaping the GRC landscape in three concurrent ways, forcing a rapid evolution of both the discipline and the required skills. The EU AI Act, for example, has created a new compliance system alongside traditional frameworks, requiring GRC professionals to master AI-specific concepts like high-risk system classification and algorithmic transparency that didn't exist in their traditional ISO 27001 or GDPR toolkit," Kleiber said.

ISO 27001 featured strongly in both demand and supply. It was the skill most widely available among freelancers, at 32%, followed by risk analysis at 26% and penetration testing at 21%.

At the same time, ISO 27001 remained the most requested GRC project type, especially for maturity assessments and roadmap planning. The standard sets out a framework for information security management systems and is commonly used by organisations seeking to formalise their handling of sensitive data.

Project mix

Beyond compliance-focused work, penetration testing and security audits were the second most common category of cybersecurity projects. Within that group, web applications and application programming interfaces accounted for 45% of assignments.

Risk assessment programmes represented 20% of all cybersecurity projects in the dataset. Malt linked that demand to new regulations, certification work and follow-up action after previous security incidents.

The study also found a shift in infrastructure and network penetration testing. A quarter of those projects focused on internal pressure points, particularly Active Directory and virtual private network configurations, as companies strengthen their internal defences.

Kleiber said AI is also collapsing boundaries that once separated different strands of governance and security work.

"Most critically, AI is creating a convergence crisis, blurring traditional GRC boundaries. The typical GRC project now demands simultaneous expertise in GDPR, NIS 2, ISO 27001, cybersecurity more widely and AI Act compliance.

"GRC is moving downstream, from the exclusive domain of large enterprises to a requirement for companies of all sizes, with expert freelancers serving as the flexible talent for this democratisation," Kleiber said.

The figures offer a snapshot of how cyber hiring needs are changing as regulation expands alongside technical risk. They also suggest companies are looking beyond traditional security testing for advice on governance structures, compliance mapping and formal risk management.

For freelancers, the data points to sustained demand for expertise that combines regulatory literacy with practical security knowledge. For employers, it shows that AI adoption is creating demand not only for developers and data specialists, but also for advisers who can help organisations navigate a more complex compliance environment.

The report was based on activity from Europe's largest independent tech community, drawing on project briefs and company searches made through the platform.

Related stories
Google Cloud CEO sets out enterprise AI agent plan
Most large UK firms cannot explain overseas AI data use
Katsina signs deal for 50,000 solar AI streetlights
Kingston launches 30.72TB DC3000ME SSD for data centres
Netskope expands Google Cloud AI Guardrails partnership

Top stories

Creative ITC partners IMSCAD on remote workstation services
DXC launches OASIS for AI-era managed services oversight
Ntt Data launches AI agent for multivendor IT estates
Vertiv acquires Strategic Thermal Labs in cooling push
Dell expands cyber resilience with quantum-ready PCs