Sixty-four percent of Australian cybersecurity professionals say their role is more stressful now than it was five years ago, according to a new survey by global professional association ISACA.
The 2024 State of Cybersecurity, which surveyed 1,800 global cyber professionals, found that 85% of local respondents blamed stress on an increasingly complex threat landscape, compared with 81% of global respondents.
The report also revealed:
Meanwhile, the 63% of survey respondents in Australia who reported difficulties retaining qualified cyber talent named the main reason as high work stress levels (60% compared with 46% globally).
SEE: Sophos report finds cyber security burnout is high across APAC
Only 35% of respondents in Australia named insufficiently trained staff as a main contributor to job stress, which was significantly less than the 45% who consider this as a problem across other global markets.
Twenty-nine percent of respondents from Australia said they were experiencing more cyber security attacks than a year ago, which was somewhat better than the 38% reported globally.
The top attack types named were:
With more threats, half of respondents in Australia (53%) are expecting they will see a cyberattack on their organisation in the next year, higher than that of the global average of 47%.
If attacked, just 32% have a high degree of confidence in their team’s ability to detect and respond.
Despite the mounting legal risk for cyber teams, they seem to be in the dark about insurance coverage, with 57% of respondents in Australia not knowing what, if any, cyber insurance their organisation has.
Gartner has predicted an IT spending surge in 2025, led by investments in cyber and AI. And it appears cyber professionals will welcome a budget boost — especially if it results in more cyber hires.
According to the ISACA, Australian cyber pros believe budgets have not kept pace with the demands of their organisations and roles as cyber threats have worsened.
Per the report, in Australia:
SEE: Should you pay the ransom if you are hit by a ransomware attack?
Despite a widely reported cybersecurity skills crisis, the industry remains challenging to break into with entry-level qualifications, as many employers prefer candidates with cybersecurity or previous IT experience.
ISACA’s survey found that among employers seeking qualified candidates for open roles, most (82%) prioritised prior hands-on experience, while 36% emphasised the importance of credentials. However, the preference for experience may cost the industry longer term. Globally, the industry is aging, with the largest percentage of respondents (34%) falling between 45 and 54 for the first time in 10 years.
The report stated: “These results, combined with no uptick in the percentage of respondents who are ages 34 and below and no increase in the number of respondents who manage staff with less than three years of experience, are an alert to industry leaders to consider succession plans for any sudden increase in attrition.”
Australian respondents identified the primary skills gap in cyber professionals as soft skills (47%), particularly communication, critical thinking, and problem solving, along with cloud computing (38%).
Analysing the results for the Oceania region, Jo Stewart-Rattray expressed to TechRepublic that it was reassuring to see fewer reported attacks in Australia than globally — but organisations should still continue to expand their vigilance.
“Despite a lower number of respondents reporting cyber-attacks in Australia, we know each attack is increasing in complexity, requiring more effort, energy and intelligence from cyber professionals,” she said.
“Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”
Stewart-Rattray said ongoing education and training was needed to keep pace with evolving threats.
“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning,” she said. “Knowledge, preparedness and teamwork remain integral to preserving digital security.”