A recent study has revealed that the pool of cybersecurity expertise in Australia is actually smaller than previously thought.
The report, known as Australia’s Cybersecurity and Technical Skills Gap, conducted by security provider StickmanCyber and based on an analysis of ABS census and labor force data, unveiled a deficit of 10,000 technical positions nationwide. This equates to just one cybersecurity specialist for every 240 Australian businesses.
The inadequate number of Australian security professionals is in part responsible for the recent surge in data breaches within the region — consequently raising the risk of future cybersecurity events.
An overview of the current IT skills landscape in Australia
The report pinpoints several reasons contributing to the IT skills discrepancy.
Primarily, the swift pace of technological advancements along with the evolving landscape of cyber threats has generated a demand for experts with highly specialized knowledge that cannot be easily imparted to an existing workforce.
As a result, the supply of individuals possessing these skills is falling short of the demand.
In an interview with TechRepublic, Ajay Unni, CEO of StickmanCyber, remarked, “Cybersecurity is a relatively recent field, emerging only in the last decade. It necessitates a cross-functional approach, merging technical proficiency with strategic supervision. Unfortunately, the pool of talented individuals with this distinctive skill set is limited, with major corporations often outbidding smaller enterprises for these experts.”
The effects on enterprises
The scarcity of skills will pose a noteworthy challenge for small to medium-sized companies, which frequently lack the financial means of larger firms and find it difficult to compete in a competition for higher salaries. Consequently, these entities are progressively turning to managed security service providers to fill this void.
Organizations are becoming more comfortable with this method, stated Unni.
“Delegating cybersecurity responsibilities is now as common as outsourcing IT, financial management, and legal functions,” he elaborated. “However, for this to be successful, businesses must set clear targets and define the extent of work. This ensures a superior outcome at a reasonable cost.”
However, depending entirely on MSSPs is not a sustainable, long-term fix. Managed services function best when complemented by internal teams, and SMEs must still explore ways to enhance their internal abilities to oversee and alleviate cyber threats. This requires a strategic emphasis on educating and upgrading the skill sets of existing personnel, as well as attracting fresh talent to the sector.
Government endeavors and their efficacy
Simultaneously, the Australian administration has acknowledged the significance of cybersecurity and has commenced several initiatives to tackle the skills gap. These endeavors involve establishing multiple bodies at both federal and state levels and appointing a national cybersecurity coordinator.
Nevertheless, as previously mentioned on TechRepublic, this focus and devotion to cybersecurity might inadvertently aggravate the skills discrepancy.
Moreover, the effectiveness of these initiatives remains open to debate. According to Unni, “While these projects are commendable, they frequently lack coordination. The multitude of agencies might lead to disjointed actions.
“There’s a dire need for a more consolidated approach to skill enhancement, specifically in enriching these competencies in rural and remote zones where access to training and resources is restricted.”
Temporary measures: bridging the immediate chasm
According to Unni, Australian organizations, educational institutions, and governments must collaborate on short- and long-term solutions to these predicaments. In the immediate period, smaller cybersecurity companies can mentor recent graduates and equip them with practical experience.
“Smaller enterprises should guide fresh graduates and mold them,” Unni remarked. “Larger corporations often run graduate schemes, which are frequently overly competitive and inaccessible. Smaller firms can provide more personalized guidance, assisting in closing the disparity between education and industry demands.”
He also suggested that administrations provide internships at cybersecurity agencies to motivate graduates to enter the sector. “This would furnish invaluable real-world exposure and help create a pipeline of skilled professionals poised to meet the sector’s requirements,” as per Unni’s observation.
Long-range strategies: nurturing a sustainable workforce
Addressing the IT skills shortage in its entirety necessitates a prolonged, multi-faceted method. Academic institutions can play a significant role by updating their curriculums to align with the latest developments in cybersecurity. This encompasses not only technical competencies but also analytical thinking, problem-solving, and strategic thinking.
Moreover, there’s a pressing need to create a more inclusive environment in the cybersecurity realm. Women remain markedly underrepresented in the sector. According to the findings by StickmanCyber, only 16% of cybersecurity specialists are women.
This trend must be reversed to fully capitalize on the talent pool available.
“Having been engaged in IT and cyber activities for over 35 years, I’ve collaborated with numerous women who have excelled in their roles,” Unni shared. “We envision no reason why this trend cannot expand industry-wide. With a female national cybersecurity coordinator, we hope this inspires more women to enter the profession.”
Australia has put itself in jeopardy by lagging in cybersecurity. Rectifying this issue will demand substantial commitment. This involves a nationwide endeavor encompassing both the private and public sectors to invest in education, offer targeted training programs, and establish pathways for underrepresented groups to join the sector.
About Author
