Share this article on:
According to a new report from StickmanCyber, the local industry is “too small, too male, and is propped up by overseas nationals”.
Every chief information officer (CISO) and their support animal of choice knows that there’s an ongoing skills crisis in Australia’s cyber security industry, but the reality may be even worse than first thought, according to a new analysis of the subject.
Cyber security services firm StickmanCyber’s Australia’s Cybersecurity and Technical Skills Gap report combines research based on the latest Australian census with labour force data collected between 1997 and 2024.
The report found that the industry is actually far smaller than first thought, and the current rising rate of data breaches is a direct consequence of a lack of skilled workers in the area.
The total number of people in roles such as “penetration tester, cyber security engineer, cyber security analyst, cyber governance risk and compliance specialist” is just 11,387, according to the last census, which equates to only 3 per cent of the ICT workforce.
That’s one cyber security specialist for every 240 Australian organisations.
“The Australian cyber security industry is growing, but there is a worrying shortage of technical cyber security skills, and very few Australians are in dedicated cyber security roles such as penetration testing. Many recent high-profile breaches are a natural consequence of Australia’s cyber security and technical skills gap,” Ajay Unni, StickmanCyber founder and CEO, said in a statement.
“Too much of the cyber security burden is falling to IT teams and professionals with a broad knowledge of IT, who lack specialised cyber security expertise. They don’t have the expertise needed to protect a business. There is also a degree of disproportionate trust in technology. Australia needs more security people, not products.”
The report also found that the make-up of those people in the industry is deeply problematic. Fifty-one per cent of specialists in the country were born overseas, highlighting a dangerous dependence on skilled migration.
Similarly, just 16 per cent of the cyber security workforce are women, and that’s even worse when it comes to penetration testing, where only 5 per cent of the workforce are women.
“There are no quick fixes to this problem. Right now, migrants with technical skills are filling a lot of technical roles, but Australia needs to incentivise young people and students to pursue a career in cyber – especially women,” Unni said.
“Companies also need to improve working conditions and reduce burnout to ensure that people stay in the field. In the short term, businesses that cannot find the skills they need in-house must look to trusted third-party security service providers who have the skills they lack. Every business needs a dedicated team that can be held responsible for building up and managing their security properly.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.