Sydney, Australia (2 October 2024)—Sixty-four percent of cybersecurity professionals in Australia say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.

The annual study, sponsored by Adobe, showcases the feedback of more than 1,800 cybersecurity professionals globally on topics related to the cybersecurity workforce and threat landscape. According to the data, Australian cybersecurity professionals are feeling the stress at slightly higher rates than their global peers for reasons including:

• An increasingly complex threat landscape (85 percent vs 81 percent globally)
• Low budget (48 percent vs 45 percent globally)
• Worsening hiring/retention challenges (50 percent vs 45 percent globally)
• Lack of prioritisation of cybersecurity risks (35 percent vs 34 percent globally)

Global cybersecurity professionals are feeling the strain of insufficiently trained staff at a higher rate than in Australia, at 45 percent compared to 37 percent locally.

Status of Cybersecurity Attacks

In line with the sentiment around challenging threats, 29 percent of organisations in Australia are experiencing increased cybersecurity attacks (38 percent globally). These top attack types include social engineering (19 percent), third party (19 percent), security misconfiguration (14 percent), sensitive data exposure (13 percent) and unpatched system (13 percent).

On top of that, more than half of respondents in Australia (53 percent) expect a cyberattack on their organisation in the next year (higher than the global average of 47 percent), and only 32 percent have a high degree of confidence in their team’s ability to detect and respond to cyber threats.

In addition to this, 57 percent of organisations in Australia don’t know what kind of cyber insurance, if any, their organisation carries.

Jo Stewart-Rattray, ISACA’s Oceania Ambassador said while it’s pleasing to see less reported cybersecurity incidents in Australia than globally, organisations must continue to expand vigilance.

“Despite a lower number of respondents reporting cyber-attacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals,” said Ms Stewart-Rattray. “Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.

“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning. It highlights the urgent need for ongoing education and training to keep pace with evolving threats. Knowledge, preparedness and teamwork remain integral to preserving digital security,” added Ms Stewart-Rattray.

Resource Challenges

Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. Almost half (47 percent) say that cyber budgets are underfunded and only 33 percent expect budgets will increase in the next year.

Though 51 percent of organisations say their cybersecurity teams are understaffed, hiring has slightly slowed:

• 44 percent of organisations have no open positions
• 42 percent of organisations have non-entry level cybersecurity positions open
• 14 percent have entry-level positions open

Skills and Retention Trends

Employers seeking qualified candidates for open roles are prioritising prior hands-on experience (82 percent) and credentials held (36 percent). Respondents indicate that the main skills gap they see in cybersecurity professionals are soft skills (47 percent)—especially communication, critical thinking and problem solving—and cloud computing (38 percent).

For the more than half of survey respondents in Australia (63 percent vs 55 percent globally) that reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being high work stress levels (60 percent vs 46 percent globally), poor financial incentives (57 percent), and recruitment by other companies (54 percent).

“Employers should hone in on the occupational stress their digital defenders are facing. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you.”

Commenting on the status of cybersecurity attacks, Mike Mellor, VP of Cyber Operations at Adobe said social engineering attacks, such as phishing, are a growing concern for organisations as human error remains a major factor in data breaches. “With the increasing frequency and sophistication of these attacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defences. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organisation.”

A complimentary copy of ISACA’s 2024 State of Cybersecurity survey report can be accessed at www.isaca.org/state-of-cybersecurity-2024.