Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Report: Australian companies behind the global curve on cyber security

Under-reporting, lack of budget, and small staff numbers are hobbling Australia’s ability to handle growing cyber threats, according to a new report.

user icon David Hollingworth
Wed, 04 Oct 2023
Report: Australian companies behind the global curve on cyber security
expand image

IT governance organisation ISACA’s new State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations report has some worrying findings when it comes to how Australia rates on the global cyber security stage.

The good news – such as it is – is that Australian companies are starting to catch up in workforce numbers, but it is slow going.

For instance, the reimbursement rate for related university-level tuition has improved from nine per cent in 2022 to 15 per cent in 2023. Similarly, recruitment bonuses are on the rise, as is the amount of money companies are spending on educating their employees.

============
============

However, retaining staff remains a challenge, with 70 per cent of cyber security leaders in the Oceania region experiencing difficulties in keeping staff on their teams.

As to the kinds of skill security professionals are looking for in new hires, these are the top five most desired skill sets:

  • Identity and access management
  • Incident response
  • Data protection
  • Cloud computing
  • DevSecOps

Soft skills such as critical thinking, the ability to communicate clearly, and problem-solving are prized.

But despite Australia’s aim of being a global cyber security leader by 2030, our response to the growing cyber threat landscape is lagging behind, according to the report.

In fact, despite 56 per cent of respondents reporting an increase in threat activity over the last year, the number of companies running annual risk assessments has dropped slightly, down to 42 per cent this last year compared to 43 per cent previously.

On top of that, 65 per cent of security professionals in Australia feel their teams are understaffed, while 61 per cent feel their budgets are underfunded compared to the scoop of the threats they face. Worryingly, only 36 per cent of professionals have confidence they can detect and mitigate threats when they do occur, and there is a distinct trend towards under-reporting cyber attacks, with 78 per cent of Australian organisations under-reporting compared to 63 per cent globally.

Jo Stewart-Rattray, Oceania Ambassador for ISACA, says the report is timely, given the pace of change in cyber security over the last 12 months.

“Under-staffing remains a critical issue facing the sector and it’s time for organisations to create real change by re-considering hiring practices and increasing opportunities for entry-level positions and training up staff,” Stewart-Rattray said in a statement.

“A key element of the Australian Federal Government’s newly announced ‘six cyber shields’ is to ensure cybersecurity is a desirable profession for young people. ISACA’s research indicates 58 per cent of organisations don’t require entry-level applicants to hold a University degree.

“As a sector, we must therefore ensure mentoring and other methods of training, support and incentives are escalated so young people, and those transitioning from other sectors, feel equipped to pursue a cyber career and supported to remain in one.”

You can read the full report here: http://www.isaca.org/state-of-cybersecurity-2022

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.