According to new research from the Information Systems Audit and Control Association, better known as ISACA, nearly two-thirds of cybersecurity professionals say job stress is growing.
The organisation’s newly released 2024 State of Cybersecurity Survey report found job openings are declining, 64% of cybersecurity professionals in Australia say their role is more stressful now than it was five years ago, and 57% of respondents in Australia don’t know what cyber insurance, if any, their organisation has.
The annual Adobe-sponsored study reveals the feedback of more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape. According to the data, Australian cybersecurity professionals are feeling stress at slightly higher rates than their global peers for reasons including:
- An increasingly complex threat landscape (85% v. 81% globally);
- Low budget (48% v. 45% globally)
- Worsening hiring/retention challenges (50% v. 45% globally); and
- Lack of prioritisation of cybersecurity risks (35% v. 34% globally)
However, global cybersecurity professionals are feeling the strain of insufficiently trained staff at a higher rate than in Australia, at 45% compared to 37% locally.
Status of Cybersecurity Attacks
In line with the sentiment around challenging threats, 29% of organisations in Australia are experiencing increased cybersecurity attacks (38% globally). These top attack types include social engineering (19%), third party (19%), security misconfiguration (14%), sensitive data exposure (13%) and unpatched system (13%).
In addition, more than half of respondents in Australia (53%) expect a cyberattack on their organisation in the next year (higher than the global average of 47%), and only 32% have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
Further, 57% of organisations in Australia don’t know what kind of cyber insurance, if any, their organisation carries.
Jo Stewart-Rattray, ISACA’s Oceania Ambassador, said it was pleasing to see less reported cybersecurity incidents in Australia than the global average, but organisations must maintain vigilance.
“Despite a lower number of respondents reporting cyberattacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals,” said Stewart-Rattray. “Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”
“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning,” she adds. “It highlights the urgent need for ongoing education and training to keep pace with evolving threats. Knowledge, preparedness and teamwork remain integral to preserving digital security.”
Resource Challenges
Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. Almost half (47%) say that cyber budgets are underfunded and only 33% expect budgets will increase in the next year.
Though 51% of organisations say their cybersecurity teams are understaffed, hiring has slightly slowed:
- 44% of organisations have no open positions;
- 42% of organisations have non-entry level cybersecurity positions open; and
- 14% have entry-level positions open
Skills and Retention Trends
Employers seeking qualified candidates for open roles are prioritising prior hands-on experience (82%) and credentials held (36%).
Respondents indicate that the main skills gap they see in cybersecurity professionals are soft skills (47%), especially in communications, critical thinking and problem-solving, and cloud computing (38%).
For the more than half of survey respondents in Australia (63% v. 55% globally) that reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being high work stress levels (60% v. 46% globally), poor financial incentives (57%), and recruitment by other companies (54%).
“Employers should hone in on the occupational stress their digital defenders are facing,” says Jon Brandt, ISACA Director of Professional Practices and Innovation. “This is an opportunity for employers to explore ways to support staff before burnout and attrition occur. Employees want to feel valued. As the leadership adage goes, take care of your people, and they’ll take care of you.”