A new report has found that Australia's cybersecurity skills pool is smaller than previously thought.
The report, titled “Australia’s Cybersecurity and Technical Skills Gap,” was produced by security vendor StickmanCyber and is based on an analysis of census and workforce data from the Australian Bureau of Labor Statistics. It revealed a shortage of 10,000 technical roles across the country. There is just one cybersecurity professional for every 240 Australian businesses.
The lack of Australian security professionals is partly responsible for the series of recent data breaches in the region and increases the risk of future cybersecurity incidents.
The current landscape of computer skills in Australia
According to the report, several factors contribute to the IT skills gap.
First, the rapid pace of technological change, combined with the evolving nature of cyber threats, has created a demand for professionals with highly specialized skills that are not necessarily easy to develop through training within an existing workforce.
As a result, the supply of people with these skills is being outstripped by demand.
As Ajay Unni, CEO of StickmanCyber, said in an interview with TechRepublic: “Cybersecurity is a relatively new discipline, having emerged in the last decade. It requires a multidisciplinary approach, combining technical expertise with strategic oversight. Unfortunately, the talent pool with this unique skill set is limited, with larger companies often out-sourcing smaller companies these professionals.”
The impact on companies
The shortage of skilled personnel will be particularly acute for small and medium-sized businesses, which often lack the resources of large corporations and struggle to compete in an “arms race” for salaries. As a result, they are increasingly turning to managed security service providers to fill the gap.
Companies are becoming more comfortable with this approach, Unni said.
“Outsourcing cybersecurity is becoming as common as outsourcing IT, accounting and legal functions,” he explained. “But for this to be effective, organisations need to set clear objectives and define the scope of work. This ensures that they will receive a high-quality result at a reasonable cost.”
However, relying solely on MSSPs is not a sustainable long-term solution. Managed services work best in collaboration with internal teams, and SMEs still need to look for ways to develop their internal capabilities to manage and mitigate cyber risks. This requires a strategic focus on training and upskilling existing staff, as well as attracting new talent to the sector.
Government initiatives and their effectiveness
Meanwhile, the Australian government has recognised the importance of cybersecurity and has initiated several programs to address the skills shortage. These initiatives include the creation of multiple agencies at both federal and state levels and the appointment of a national cybersecurity coordinator.
However, as previously noted on TechRepublic, this interest in and commitment to cybersecurity is potentially a well-intentioned catalyst for an even deeper skills challenge.
Moreover, the effectiveness of these initiatives remains debatable. As Unni said, “While these initiatives are positive, they often lack coordination. The multitude of agencies can lead to fragmented efforts.”
“There is a real need for a more unified approach to skills development, particularly in growing these skills in rural and remote areas where access to training and resources is limited.”
Short-term solutions: closing the immediate gap
According to Unni, Australian organisations, educational institutions and governments need to coordinate to find short- and long-term solutions to these challenges. In the short term, smaller cybersecurity companies can mentor recent graduates and provide them with practical experience.
“Smaller companies should embrace recent graduates and train them,” Unni said. “Larger companies often have graduate programs, but these are often too competitive and difficult to access. Smaller companies can offer more personalized mentoring, helping to bridge the gap between education and industry requirements.”
He also suggested that governments offer internships in cybersecurity agencies to encourage graduates to enter the field. “This would provide invaluable real-world experience and help create a pipeline of skilled professionals ready to meet the demands of the industry,” Unni noted.
Long-term strategies: building a sustainable workforce
In the meantime, properly addressing the IT skills shortage requires a multifaceted and long-term approach. Educational institutions can play a key role by updating curricula to reflect the latest developments in cybersecurity. This includes not only technical skills, but also critical thinking, problem-solving and strategic planning.
Furthermore, there is an urgent need to make the cybersecurity field more inclusive. Women remain significantly underrepresented in the industry. As StickmanCyber’s research noted, only 16% of cybersecurity professionals are women.
This is a trend that needs to be reversed to fully leverage the available talent pool.
“Having worked in the IT and cyber sector for over 35 years, I have worked with many women who have been amazing at what they do,” Unni said. “We see no reason why this can’t happen across the industry. Given that our national cybersecurity coordinator is a woman, I hope this will encourage more women to enter the profession.”
Australia has gotten itself into a mess by being slow to move on cybersecurity. Addressing the problem will require a significant national effort across the public and private sectors to invest in education, deliver targeted training programs and create pathways for underrepresented groups to enter the field.