A recent survey conducted by ISACA has highlighted the growing stress levels faced by cybersecurity professionals in Australia. According to the report, 64% of respondents indicated that their roles have become more stressful over the past five years. This sentiment is slightly above the global average.
The survey, which garnered insights from over 1,800 cybersecurity experts worldwide, was backed by Adobe and highlighted various factors contributing to this heightened stress. A staggering 85% of Australian professionals cited the increasingly complex threat environment as the primary stressor.
Additionally, 48% pointed to inadequate budgets, while 50% identified issues related to hiring and retention as significant contributors to their stress levels. Notably, 35% of Australian respondents mentioned a lack of focus on prioritizing cybersecurity risks, marginally higher than the global average of 34%.
High Levels of Stress Among Australian Cybersecurity Professionals
While the report highlights the challenges faced in the field, it also reveals a concerning trend regarding training. Globally, 45% of cybersecurity professionals reported issues with insufficiently trained staff. However, in Australia, this figure was somewhat lower, with 37% acknowledging this challenge. Despite this relatively better statistic, the skills gap remains a pressing concern for the industry.
Cyberattacks continue to plague organizations, and Australian cybersecurity professionals are acutely aware of the threat. The survey indicated that 29% of Australian organizations reported an uptick in attacks, which is slightly less than the global average of 38%. Among the types of attacks, social engineering and third-party breaches were the most frequently cited, each noted by 19% of respondents. Other significant concerns included security misconfigurations and the exposure of sensitive data.
Perhaps most interestingly, 53% of Australian professionals expect to encounter a cyberattack in the next year, surpassing the global average of 47%. However, confidence in their organizations’ ability to effectively detect and respond to such threats is low, with only 32% expressing a high degree of assurance. Compounding this issue, 57% of respondents were unaware of their organization’s cyber insurance status.
Jo Stewart-Rattray, ISACA’s Oceania Ambassador, offered a nuanced perspective on the situation. While she acknowledged a decrease in reported cybersecurity incidents in Australia, she emphasized the need for continued vigilance. Despite a lower number of respondents reporting cyber-attacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy, and intelligence from cybersecurity professionals,” she stated.
Budget and Staffing Issues
The report also drew attention to pressing budget and staffing issues within organizations. Approximately 47% of respondents reported that their cybersecurity budgets are underfunded, with only a third expecting an increase in the coming year. In terms of personnel, 51% of organizations indicated that their teams are understaffed. However, the pace of hiring appears to have slowed, with 44% of organizations reporting no open positions.
In examining trends related to skills and retention, the survey revealed that employers are increasingly prioritizing candidates with hands-on experience and relevant credentials. A significant skills gap was identified in areas such as communication, critical thinking, and cloud computing. High-stress levels, insufficient financial incentives, and competitive recruitment from other companies were identified as primary factors hindering the retention of qualified candidates.
Jon Brandt from ISACA offered insight into how organizations can better support their cybersecurity staff. He suggested that employers need to focus on managing the occupational stress experienced by their cybersecurity professionals. “Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you,” Brandt emphasized.
Mike Mellor from Adobe echoed these sentiments, drawing attention to the rising threat of social engineering attacks. He stressed the importance of securing authentication methods as a critical measure in fortifying organizational defenses. Fostering a security culture combined with strong technical controls is essential for safeguarding organizations against such threats,” Mellor noted.