65% of Cybersecurity Teams in Oceania are Understaffed

In Oceania, higher levels of understaffing (65 percent); somewhat or significantly underfunded cybersecurity budgets (61 percent); and lower confidence in their organisation’s ability to detect and respond to cyber threats (only 36 percent are completely or very confident), have been revealed in ISACA’s annual research report, State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations.

Interestingly, only 42 percent of respondents in Oceania say their organisation conducts a cyber-risk assessment at least annually – compared to 43 percent in 2022 – despite 56 percent reporting an increase in attacks over the past twelve months.

Globally, the ninth annual survey reveals soft skills, cloud computing and security controls are emerging as the biggest skills gaps in today’s cybersecurity professionals.

Jo Stewart-Rattray, Oceania Ambassador, ISACA said the State of Cybersecurity research has been highly anticipated considering the escalating threat landscape experienced in our region over the past twelve months.

“It is concerning that sixty-five percent of cybersecurity leaders in the region said their teams remain understaffed, considering 93 percent say they are experiencing the same or increased number of attacks compared to a year ago,” said Ms Stewart-Rattray.

Among those with cybersecurity positions open in their organisations, 51 percent of respondents have job openings for non-entry level roles, compared to 19 percent with job openings for entry-level positions. Oceania sits just behind India and alongside Africa, anticipating an 82 percent increase in demand for technical cyber professionals over the next year.

“Under-staffing remains a critical issue facing the sector and it’s time for organisations to create real change by re-considering hiring practices and increasing opportunities for entry-level positions and training up staff,” added Ms Stewart-Rattray.

“A key element of the Australian Federal Government’s newly announced ‘six cyber shields’ is to ensure cybersecurity is a desirable profession for young people. ISACA’s research indicates 58 percent of organisations don’t require entry-level applicants to hold a University degree.

“As a sector, we must therefore ensure mentoring and other methods of training, support and incentives are escalated so young people, and those transitioning from other sectors, feel equipped to pursue a cyber career and supported to remain in one.”

Staffing and Skills

The research indicates some strides have been made in addressing employee retention, but it continues to be a challenge. More than half of cybersecurity leaders in Oceania (70 percent) say they have difficulty retaining qualified cybersecurity professionals.

This is despite benefits offered to cybersecurity pros increasing. In Oceania, university tuition reimbursement is 15 percent (compared to 9 percent in 2022), recruitment bonuses are 21 percent (compared to 13 percent in 2022) and reimbursement of certification fees at 58 percent (up from 55 percent in 2022).  

Cybersecurity Threats

When looking at the cybersecurity threat landscape, 93 percent of Oceania respondents reported the same or increased cybersecurity attacks, compared to only 8 percent who reported fewer attacks. Despite this, only 36 percent of respondents are very or completely confident their organisation’s ability to detect and respond to an attack.

The top three attack concerns in Oceania remain the same as last year—enterprise reputation (86 percent), data breach concerns (70 percent) and supply chain disruptions (55 percent).

A complimentary copy of the State of Cybersecurity 2023 survey report can be accessed at www.isaca.org/state-of-cybersecurity-2023, along with related resources. The ninth annual survey, sponsored by Adobe, explores the latest cybersecurity threat landscape, hiring challenges and opportunities, and budgets, with insights from more than 2,000 security leaders around the world.