Sixty-four percent of Australian cybersecurity professionals say their role is more stressful now than it was five years ago, according to a new survey by global professional association ISACA.

The 2024 State of Cybersecurity, which surveyed 1,800 global cyber professionals, found that 85% of local respondents blamed stress on an increasingly complex threat landscape, compared with 81% of global respondents.

The report also revealed:

• 48% of Australians cited a low budget as a factor, compared with 45% globally.
• 50% said worsening hiring and retention challenges contributed to their stress, versus 45% globally.
• 35% nominated a lack of prioritisation of cybersecurity risks, compared with 34% globally.

Meanwhile, the 63% of survey respondents in Australia who reported difficulties retaining qualified cyber talent named the main reason as high work stress levels (60% compared with 46% globally).

SEE: Sophos report finds cyber security burnout is high across APAC

Only 35% of respondents in Australia named insufficiently trained staff as a main contributor to job stress, which was significantly less than the 45% who consider this as a problem across other global markets.

Australian cyber professionals seeing more threats than a year ago

Twenty-nine percent of respondents from Australia said they were experiencing more cyber security attacks than a year ago, which was somewhat better than the 38% reported globally.

The top attack types named were:

• Social engineering (19%).
• Third-party (19%).
• Security misconfiguration (14%).
• Sensitive data exposure (13%).
• Unpatched system (13%).

With more threats, half of respondents in Australia (53%) are expecting they will see a cyberattack on their organisation in the next year, higher than that of the global average of 47%.

If attacked, just 32% have a high degree of confidence in their team’s ability to detect and respond.

Despite the mounting legal risk for cyber teams, they seem to be in the dark about insurance coverage, with 57% of respondents in Australia not knowing what, if any, cyber insurance their organisation has.

Investment in cyber security and team headcount falls short

Gartner has predicted an IT spending surge in 2025, led by investments in cyber and AI. And it appears cyber professionals will welcome a budget boost — especially if it results in more cyber hires.

According to the ISACA, Australian cyber pros believe budgets have not kept pace with the demands of their organisations and roles as cyber threats have worsened.

Per the report, in Australia:

• 47% of respondents argued their cyber functions were underfunded. Despite more significant spending market-wide, only 33% expected cyber budgets to increase in the next year.
• More than half (51%) believed that their cyber security teams are understaffed for the job at hand, but even so, 44% said that their organisations had no open positions for new recruits to the team.
• 42% have non-entry level cybersecurity positions open, while only 14% are advertising entry-level opportunities.

SEE: Should you pay the ransom if you are hit by a ransomware attack?

Organisations prioritise candidates with cybersecurity experience

Despite a widely reported cybersecurity skills crisis, the industry remains challenging to break into with entry-level qualifications, as many employers prefer candidates with cybersecurity or previous IT experience.

ISACA’s survey found that among employers seeking qualified candidates for open roles, most (82%) prioritised prior hands-on experience, while 36% emphasised the importance of credentials. However, the preference for experience may cost the industry longer term. Globally, the industry is aging, with the largest percentage of respondents (34%) falling between 45 and 54 for the first time in 10 years.

The report stated: “These results, combined with no uptick in the percentage of respondents who are ages 34 and below and no increase in the number of respondents who manage staff with less than three years of experience, are an alert to industry leaders to consider succession plans for any sudden increase in attrition.”

Australian respondents identified the primary skills gap in cyber professionals as soft skills (47%), particularly communication, critical thinking, and problem solving, along with cloud computing (38%).

Lack of confidence in cyber defence is concerning

Analysing the results for the Oceania region, Jo Stewart-Rattray expressed to TechRepublic that it was reassuring to see fewer reported attacks in Australia than globally — but organisations should still continue to expand their vigilance.

“Despite a lower number of respondents reporting cyber-attacks in Australia, we know each attack is increasing in complexity, requiring more effort, energy and intelligence from cyber professionals,” she said.

“Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”

Stewart-Rattray said ongoing education and training was needed to keep pace with evolving threats.

“The gap between the anticipated likelihood of a cyberattack in the coming year and the confidence in handling it is concerning,” she said. “Knowledge, preparedness and teamwork remain integral to preserving digital security.”