Share this article on:
Australian cyber organisations face the risk of losing their chief information security officers (CISOs) and senior cyber staff to their overseas counterparts due to a lack of competitive compensation.
As demonstrated by a report conducted by Heidrick & Struggles, Australian cyber security companies could see their most sophisticated staff migrate towards jobs in Europe and the US due to better salaries and long-term incentives.
“The average total cash compensation for CISOs in Australia was $368,000 [roughly AU$550,000],” the report points out.
“Average total compensation, including any annualised equity grants or long-term incentives, was $586,000 [roughly AU$876,609].”
These figures, whilst considerable, fall significantly below those set by counterparts in Europe and the US.
In Europe, the average total cash compensation was almost US$100,000 more at US$457,000 (roughly AU$684,000).
In the US, the number jumps even higher, to a median of US$620,000 (roughly AU$931,000), while median total compensation increased to US$1.1 million (roughly AU$1.653 million).
While comparing mean and median values may not be entirely ideal, it demonstrates that Australian companies are not offering competitive rates in an industry largely without geographical boundaries.
Australian CISOs are noticing the discrepancy, too, with Australian respondents expecting most expecting an increase in cash base expectations.
Zero per cent of Australians compared a decrease of any kind, while 2 per cent of US respondents and 3 per cent of European respondents expected a decline.
Sixty-one per cent of Australians expected a 1 to 5 per cent increase as opposed to 46 per cent in the US and 41 per cent in Europe. A further 19 per cent expected a 6 to 10 per cent increase over the US and Europe’s 14 per cent and 10 per cent, and 6 per cent expected an increase over 10 per cent, similar to 6 per cent in the US and 5 per cent in Europe.
The news also comes during a massive industry talent shortage, with the workforce gap being over 40 per cent as of last year. By 2026, Australia needs an additional 17,000 cyber operators, according to the Australian Cyber Security Growth Network.
Similarly, not-for-profit organisation AustCyber found that Australia needs an additional 7,000 cybersecurity specialists by the end of 2024, and 16,600 by 2026.
Australia isn’t alone either, with the global shortage being as high as 2.7 million, according to ISC², meaning Australia needs to compete to ensure its cyber security remains strong.
The shortage is growing, too, with experts migrating to different roles due to large workloads leading to burnout.
Australia’s need to provide competitive compensation becomes even more apparent with the goals it has set out for national cyber security.
Cyber Security and Home Affairs Minister Clare O’Neil said that she hopes to make Australia the most cyber secure nation in the world by 2030, a key goal of the 2023–2030 Australian Cyber Security Strategy.