Australia continues to grapple with a persistent skills shortage, resulting in a slow-paced hiring landscape across the nation. Notably, the most coveted roles are those in the realm of cybersecurity, as highlighted by the Hays’ Salary Guide. Given the ever-growing importance of cybersecurity within organisations, this isn’t surprising. Nevertheless, business leaders should not stand idly by, allowing security gaps to persist while waiting for improvements in hiring conditions.
Organisations must initiate internal discussions and strategies to upskill their workforce and introduce user-friendly security solutions, fortifying their cybersecurity posture. Neglecting these measures will only expose organisations to the looming threat of cyberattacks.
The skills shortage dilemma
Organisations well-versed in cybersecurity principles play a pivotal role in safeguarding the Australian business landscape. “Cyber literacy,” which is the ability to effectively protect digital assets, is no longer the sole responsibility of cybersecurity professionals. Instead, it should be regarded as an essential skill for every Australian, regardless of their role. As a result, the demand for cybersecurity experts is skyrocketing, with AustCyber estimating that Australia may need an additional 16,600 cybersecurity professionals, encompassing both technical and non-technical positions, by 2026.
This shortage of skilled professionals has far-reaching consequences within the Australian job market, resulting in a ripple effect across businesses. On the most alarming front, understaffed organisations face a higher risk of cyberattacks, as evidenced by the 409 data breaches reported to OAIC in the first half of 2023.
Moreover, understaffed organisations only exacerbate the strain on existing IT workers. When IT teams operate with insufficient staffing levels, not all tasks can be executed at the highest standard, leading to heightened vulnerabilities, extended downtimes, disruptions, and a diminished overall customer and employee experience.
Hence, given the escalating business impact associated with understaffing, it becomes imperative to ensure that a shortage of skilled professionals does not equate to a shortage of security.
Harnessing internal expertise
When external hiring is unfeasible, organisations should shift their focus towards enhancing internal operations. Large companies can tap into their workforce’s transferable skills from other departments, especially from the broader IT team. Businesses can do this by providing pathways to accelerate the transition of workers from outside the sector into cybersecurity roles.
In smaller organisations where cybersecurity responsibilities predominantly fall on IT teams, the focus should center on alleviating day-to-day pressures. By harnessing the power of Artificial Intelligence (AI), IT personnel lacking the skills to create intricate scripts can use AI to generate commands, effectively teaching themselves and acquiring valuable new skills in the process. This allows IT teams to foster internal growth while senior technicians concentrate on cybersecurity practices.
However, the most substantial enhancement in strengthening the cybersecurity posture, especially when faced with hiring constraints, arises from a collective responsibility shared by every employee within the organisation. As James Turner, Founder of CISO Lens, remarked at the recent AFR Cyber Summit, “We hear the statistics that 17,000 more security experts are needed in the next five nanoseconds, or something, but I don’t think it’s a useful stat. What would be much more interesting would be 100,000 people who actually cared about security.”
Cybersecurity should be a focal point for everyone within the organisation, and business leaders must cultivate a culture of cybersecurity awareness. Employees who practice fundamental cyber hygiene, such as recognising phishing emails, enforcing robust password policies, and utilising multi-factor authentication, can significantly reduce the risk of account breaches, thereby lightening the workload of IT teams.
Leveraging IT leadership within organisations
In addressing cybersecurity gaps, it is crucial to leverage the expertise already present in an organisation’s IT leadership and teams. Beyond transforming into dedicated cybersecurity professionals, IT teams can and should assume leadership roles in cybersecurity investment.
According to GoTo’s 2023 IT Priorities Report, when it comes to deciding on new digital tools, 39 per cent of Australian business leaders took their IT team’s recommendations. Moving forward, organisations should lean on their IT teams’ insights regarding the most suitable security tools, such as mobile device management for remote and mobile working, zero trust security, or antivirus management software. This not only conserves resources but also enhances efficiency and minimises risk in budget-constrained environments.
The cybersecurity skills shortage shows no signs of slowing, and threats are only becoming more potent and widespread. In the face of staffing shortages, it is imperative that organisations explore internal solutions for upskilling, investments, and, most importantly, instilling a culture of security awareness. A shortage of skills should not result in a lacklustre cybersecurity strategy.