Australians could continue to have their data stolen in record numbers unless action is taken to boost the nation’s cybersecurity workforce, a report warns.

The call to action from security services firm StickmanCyber followed an analysis of Australian employment data showing the nation had fewer than 12,000 cybersecurity specialists, or one for every 240 businesses.

The figure, which the report called a “worrying shortage”, came despite a rise in data breaches reported to the Office of the Australian Information Commissioner, and high-profile online attacks involving sensitive health and financial information.

The report, called Australia’s Cybersecurity and Technical Skills Gap, analysed census and labour force data from the Australian Bureau of Statistics between 1997 and 2024.

It found 127,000 people were employed in roles related to cybersecurity, but less than 10 per cent – or 11,387 people – filled specialist roles in the field.

Those roles include cybersecurity co-ordinators, architects, analysts, engineers and penetration testers, making up three per cent of the technology workforce.

The analysis also found few cybersecurity professionals were female, with women representing 16 per cent of the workforce and only five per cent in fields such as penetration testing and cybersecurity architecture.

Australia also relied heavily on migrant workers, the report found, with 51 per cent of cybersecurity workers from other countries, including India, England, China and New Zealand.

StickmanCyber chief executive Ajay Unni said the scarcity of trained cybersecurity specialists would leave Australian businesses vulnerable to online attacks.

“Many recent high-profile breaches are a natural consequence of Australia’s cybersecurity and technical skills gap,” he said.

“Companies cannot realistically expect their IT guy, who handles email complainants and forgotten passwords most of the day, to protect them from sophisticated ransomware groups.”

The report recommends the federal government prioritises cybersecurity training, in addition to its focus on STEM subjects.

“There are no quick fixes to this problem,” Mr Unni said.

“Right now, migrants with technical skills are filling a lot of technical roles, but Australia needs to incentivise young people and students to pursue a career in cyber.”

More than 480 data breaches were reported to the Office of the Australian Information Commissioner in the second half of 2023, representing a rise of 19 per cent.

Health services suffered the greatest number of incidents, at 104, followed by finance firms, insurance companies, retail outlets, and Australian government agencies, and 67 per cent of breaches were the result of a malicious or criminal attack.

Prominent data thefts in 2024 have included an attack on MediSecure, which exposed the personal information of 12.9 million Australians, and a breach of Ticketmaster data that affected 560 million customers worldwide.

 

Jennifer Dudley-Nicholson
(Australian Associated Press)