Industry is too small, too male, and is propped up by overseas nationals
COMPANY NEWS: StickmanCyber,, one of “Australia’s Cybersecurity and Technical Skills Gap top cybersecurity services companies, has released its report “Australia’s Cybersecurity and Technical Skills Gap”.
The report warns that the Australian cybersecurity industry is far smaller than previous estimates. It says that the lack of skilled security professionals is to blame for the spate of recent data breaches, and increases the risk of future cybersecurity incidents.
The report also highlights the industry’s severe gender imbalance and overreliance on overseas nationals to fill critical cybersecurity roles – which the authors say is not an optimal long-term solution to the problem.
In the report, StickmanCyber conducted analysis of the latest Australian census as well as labour force data 1997-2024. Key findings include:
- There are only 11,387 cybersecurity workers in the entire country in vital roles such as penetration tester, cybersecurity engineer, cybersecurity analyst, cyber governance risk and compliance specialist – according to the latest census figures
- Only 3% of all Australian ICT professionals are currently in specialised cybersecurity positions. There is just one cybersecurity pro for every 240 Australian businesses
- 51% of cybersecurity professionals were born outside of Australia – Australia has become wholly dependent on skilled migrants to plug its technical skills gaps
- Only 16% of Australian cybersecurity professionals are women and just one in 20 pen testers or cybersecurity architects are women (5%)
“The Australian cybersecurity industry is growing, but there is a worrying shortage of technical cybersecurity skills and very few Australians are in dedicated cybersecurity roles such as penetration testing. Many recent high-profile breaches are a natural consequence of Australia’s cybersecurity and technical skills gap. Too much of the cybersecurity burden is falling to IT teams and professionals with a broad knowledge of IT, who lack specialised cybersecurity expertise. They don’t have the expertise needed to protect a business. There is also a degree of disproportionate trust in technology. Australia needs more security people, not products.
“There are no quick fixes to this problem. Right now, migrants with technical skills are filling a lot of technical roles, but Australia needs to incentivise young people and students to pursue a career in cyber – especially women. Companies also need to improve working conditions and reduce burnout to ensure that people stay in the field. In the short-term, businesses that cannot find the skills they need in-house must look to trusted third party security service providers who have the skills they lack. Every business needs a dedicated team that can be held responsible for building up and managing their security properly."
ABOUT STICKMANCYBER
StickmanCyber is a leading and innovative Australian Compliance and Security as a Service (CSaaS) provider. It keeps organisations safe by identifying & mitigating cyber risks, threats, while also automating their compliance and providing comprehensive reporting across all cyber risks, operations and compliance standards.