Australian cybersecurity roles increasingly stressful, says ISACA survey

A recent survey by ISACA has revealed that 64% of cybersecurity professionals in Australia regard their roles as being more stressful than it was five years ago. The report, the 2024 State of Cybersecurity, highlights that stress levels among Australian professionals in this field are slightly higher than the global average.

The study, backed by Adobe, collected feedback from over 1,800 cybersecurity professionals worldwide. Respondents indicated several reasons for increased stress, with 85% citing a more complex threat landscape, 48% pointing to low budgets, and 50% identifying hiring and retention challenges as significant factors. A lack of focus on prioritising cybersecurity risks was also noted by 35% of Australian professionals, just above the global figure of 34%.

The report noted that, on a global scale, 45% of cybersecurity professionals reported issues with insufficiently trained staff, although this was less of a concern in Australia, where 37% of respondents flagged the issue.

Cybersecurity attacks continue to be a major issue for organisations. In Australia, 29% of organisations reported an increase in attacks, slightly lower than the global average of 38%. Social engineering and third-party attacks were the most common types, each reported by 19% of responses, followed by security misconfigurations and sensitive data exposure.

Moreover, 53% of Australian respondents expect a cyberattack in the next year, surpassing the global average of 47%. However, only 32% expressed a high degree of confidence in their organisation's ability to detect and respond to such threats. Additionally, 57% were unaware of what cyber insurance, if any, their organisation had in place.

According to Jo Stewart-Rattray, ISACA's Oceania Ambassador, reduced numbers of reported cybersecurity incidents in Australia are positive, but vigilance must remain a priority. "Despite a lower number of respondents reporting cyber-attacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals," she stated. She further expressed concern over the low confidence in handling potential attacks and stressed the importance of ongoing education and training.

Budget and staffing challenges were also noted within the report. Around 47% of respondents indicated that cybersecurity budgets are underfunded, with only a third expecting an increase in the upcoming year. Meanwhile, 51% of organisations reported understaffed teams, yet the pace of hiring has slightly reduced, with 44% of organisations reporting no open positions.

The survey also shed light on skills and retention trends where employers are placing emphasis on candidates with prior hands-on experience and relevant credentials. A significant skills gap was identified in communication, critical thinking, and cloud computing areas. High work stress levels, insufficient financial incentives, and recruitment by other companies were primary reasons for difficulties in retaining qualified candidates.

Jon Brandt from ISACA commented on the situation by suggesting that employers need to shift focus towards managing the occupational stress experienced by cybersecurity professionals. He highlighted that "Employees want to feel valued. As the leadership adage goes, take care of your people and they'll take care of you."

Mike Mellor from Adobe emphasised the rising concern of social engineering attacks and stressed the importance of securing authentication methods to strengthen an organisation's defences. He advised that fostering a security culture combined with strong technical controls is essential for safeguarding organisations against such threats.