As Australia aspires to become the global leader in cybersecurity by 2030, new data reveals where Australian cybersecurity pros fall short of global counterparts.
In Oceania, higher levels of understaffing (65 percent); somewhat or significantly underfunded cybersecurity budgets (61 percent); and lower confidence in their organisation’s ability to detect and respond to cyber threats (only 36 percent are completely or very confident), have been revealed in ISACA’s annual research report, State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations.
Interestingly, only 42 percent of respondents in Oceania say their organisation conducts a cyber-risk assessment at least annually – compared to 43 percent in 2022 – despite 56 percent reporting an increase in attacks over the past twelve months.
Globally, the ninth annual survey reveals soft skills, cloud computing and security controls are emerging as the biggest skills gaps in today’s cybersecurity professionals.
Jo Stewart-Rattray, Oceania Ambassador, ISACA said the State of Cybersecurity research has been highly anticipated considering the escalating threat landscape experienced in our region over the past twelve months.
“It is concerning that sixty-five percent of cybersecurity leaders in the region said their teams remain understaffed, considering 93 percent say they are experiencing the same or increased number of attacks compared to a year ago,” said Ms Stewart-Rattray.
Among those with cybersecurity positions open in their organisations, 51 percent of respondents have job openings for non-entry level roles, compared to 19 percent with job openings for entry-level positions. Oceania sits just behind India and alongside Africa, anticipating an 82 percent increase in demand for technical cyber professionals over the next year.
“Under-staffing remains a critical issue facing the sector and it’s time for organisations to create real change by re-considering hiring practices and increasing opportunities for entry-level positions and training up staff,” added Ms Stewart-Rattray.
“A key element of the Australian Federal Government’s newly announced ‘six cyber shields’ is to ensure cybersecurity is a desirable profession for young people. ISACA’s research indicates 58 percent of organisations don’t require entry-level applicants to hold a University degree.
“As a sector, we must therefore ensure mentoring and other methods of training, support and incentives are escalated so young people, and those transitioning from other sectors, feel equipped to pursue a cyber career and supported to remain in one.”
Staffing and Skills
The research indicates some strides have been made in addressing employee retention, but it continues to be a challenge. More than half of cybersecurity leaders in Oceania (70 percent) say they have difficulty retaining qualified cybersecurity professionals.
This is despite benefits offered to cybersecurity pros increasing. In Oceania, university tuition reimbursement is 15 percent (compared to 9 percent in 2022), recruitment bonuses are 21 percent (compared to 13 percent in 2022) and reimbursement of certification fees at 58 percent (up from 55 percent in 2022).
When hiring, respondents in Oceania say they are looking for the following top five technical skills in cybersecurity pros:
- Identity and access management (58 percent vs 49 percent globally)
- Incident response (55 percent vs 44 percent globally)
- Data protection (50 percent vs 44 percent globally)
- Cloud computing (45 percent vs 48 percent globally)
- DevSecOps (35 percent vs 36 percent globally)
When looking at soft skills, critical thinking (62 percent), communication (59 percent), problem-solving (50 percent), teamwork (49 percent) and attention to detail (43 percent) come in as the top five skills employers are seeking in cybersecurity job candidates. The skills of empathy (17 percent) and honesty (13 percent) came in lower in importance—a noteworthy finding given that 78 percent of respondents in Oceania believe organisations under-report cybercrime.
Respondents examined where cybersecurity professionals in Oceania are lacking—citing soft skills (69 percent), cloud computing (47 percent), security controls (45 percent), networking related topics (30 percent), data related topics (27 percent) and coding skills (25 percent) as being the biggest skills gaps today.
To mitigate these technical skills gaps, respondents indicate their top three approaches are training non-security staff who are interested in moving into security roles (56 percent), increasing usage of contract employees or outside consultants (44 percent), and offering apprenticeships/internships (22 percent). When addressing nontechnical skills gaps, organisations are leveraging online learning websites (47 percent), mentoring (40 percent) and corporate training events (33 percent).
Cybersecurity Threats
When looking at the cybersecurity threat landscape, 93 percent of Oceania respondents reported the same or increased cybersecurity attacks, compared to only 8 percent who reported fewer attacks. Despite this, only 36 percent of respondents are very or completely confident their organisation’s ability to detect and respond to an attack.
The top three attack concerns in Oceania remain the same as last year—enterprise reputation (86 percent), data breach concerns (70 percent) and supply chain disruptions (55 percent).
Looking Ahead
Eighty-two percent of survey respondents in Oceania say demand for technical cybersecurity individual contributors will increase in the next year, and half (51 percent) expect an increased demand for cybersecurity managers. Over half (59 percent) believe that cybersecurity budgets will at least slightly increase in the coming year.
“The cybersecurity workforce faces a significant talent gap. Adobe believes that great talent can come from anywhere – and sustained investment both by our industry and governments worldwide will be critical to developing a diverse pipeline of talent to help us all address this growing gap,” says Maarten Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe. “This is especially critical when it comes to being able to respond to the evolving complexity and ingenuity in the cybersecurity threat landscape, accelerated by AI technologies.”
