Australia hardest hit globally by cyber security skills shortage: report

The lack of cyber security professionals is felt more acutely in Australia than in other countries, according to a report by US think tank, the Center for Strategic and International Studies.

The survey, commissioned by Intel Security, found that 88 per cent of Aussie IT decision makers believe there is a shortage of cyber security skills both in their organisation and within the nation. That figure is on a par with IT chief’s in Mexico, but higher than the six other countries surveyed.

The survey’s 75 Australian respondents, also predicted that 17 per cent of cybersecurity positions advertised by their company would go unfilled by 2020, higher than the 15 per cent of jobs estimated globally.

The scarcest skills among an Australian organisation’s cybersecurity professionals were reported to be ‘technical skills in intrusion detection’, ‘technical skills in software development’ and ‘technical skills in attack mitigation’.

Education and experience

Globally, the survey participants agreed that although a relevant bachelor degree was expected as a minimum requirement to entry level cyber security jobs, experience was a better way to acquire skills.

In Australia 57 per cent of organisations look for a Bachelor’s degree as a minimum requirement, but only 27 per cent said this was important when evaluating candidates for cyber security jobs. Only a quarter believed education programs fully prepare professionals for the industry.

Australian companies put particular weight on a candidate’s experience of working with a competitor with 55 per cent calling this the most important factor when evaluating a potential employee.

”From a recruitment perspective the skills shortage in the security industry is nothing new, however we are finding it increasingly difficult to source stellar candidates due to the ever changing and competitive nature of the IT Security market,” said director of Melbourne IT executive recruitment company Halcyon Knights, Brent Skinner.

“Years of experience is no longer the be all when assessing candidates, clients are seeking ‘new age’ candidates that have grown up in the cloud and cyber security world, who possess creativity and a technical curiosity that set them apart.”

Critical impact

The lack of local skills is having a detrimental effect on Australian businesses said Andy Hurren, Intel's Sydney-based security solutions architect.

Responding to the findings that 44 per cent of Australian businesses felt that they are a target for hackers due to limited cyber security (the second highest behind Israel) and nearly a third said they had already lost proprietary data, he said: “The need for a stronger cyber security workforce is critical. The skills shortage is clearly having an impact on companies across Australia. It’s a clear issue affecting our industry and whilst the shortage is well known, this report helps to shine a spotlight on just what it means to our local businesses.

"Every day we are seeing seats go unfilled due to the shortage and we must rectify this. We as an industry need to do more to cultivate and encourage development of the right security skill sets for tomorrow’s workforce.”

The shortage does mean it’s a great time to be a cyber security professional. The report – which questioned private and public sector IT leaders in Australia, France, Germany, Israel, Japan, Mexico, the UK and US – noted that the demand had driven up salaries, highlighting US data that shows cyber security positions pay almost 10 per cent more than other IT jobs.

“We are seeing first-hand the effects this is having in terms of recruitment with the competition for experienced professionals driving up salaries, making it harder for employers to retain staff and often necessitating a greater emphasis and reliance on overseas candidates to fill skill gaps," explained Sydney-based security recruiter and director of Inview Consulting Skye Kirkby-Gray.

Government role

Globally 76 per cent of respondents said their governments are not investing enough in programs to help cultivate cyber security talent and believe laws and regulations for cyber security in their country are inadequate.

In Australia, however, nearly 80 per cent of respondents felt laws were effective, and 68 per cent believed them to be the ‘right level of strictness’.

In April the government launched its $230m Cyber Security Strategy with 33 initiatives aimed at improving defences and creating a 'cyber smart nation'.

Australian IT leaders surveyed believed the country was well informed on the issue of data privacy and data security.