AISA Research Reports

Cyber Skills Study 2024

There has been considerable public debate about the causes of the labour shortage in cyber security in Australia. The Australian Information Securities Association (AISA) through the Investment NSW Cyber Business Exchange funded program has delivered a project shedding light of the competencies and roles available in today’s Australian Cyber Security workforce.    The Cyber Skills Study Report 2024 provides an in depth study into what skills and competencies are in demand and what will be required for the roles that will be in demand for the next three years.

Key Findings:

  •  The majority of organisations of all sizes continue to maintain in-house cyber security capabilities. 
  • Respondents who were not responsible for hiring staff tended to rate competencies as more important than those who were responsible for hiring.
  • All cyber competencies, with the exception of AI Security were rated as “Extremely important” or “Very important” by the majority of respondents. • Different industries rated the importance of competencies differently. 
  • The size of the organisation (number of employees) impacted on how important respondents considered competencies. Smaller organisations tended to rank competencies as more important when compared to large organisations.
  • The majority of respondents rated AI Security as only “Somewhat important” or “Less important”. All other competencies had a majority of respondents rating them as “Extremely important” or “Very important”. 
  • Contrasting with its importance rating, AI Security was rated as having an “Extremely large” or “Very large” gap by a greater proportion of respondents than any other competency.
  • Industry had a lesser, but still discernible, impact on the perceived skills gap. Size and hiring responsibility did not have a discernible impact. 
  • Jobs and Skills Australia data indicates that the shortages for cyber security specific roles remain, and that demand is expected to continue to grow beyond the economic average.
  • Cyber security leadership roles do not indicate a shortage. A few cyber related development roles are no longer in shortage, with many now projected to see growth consistent with the economy wide average in comparison to beyond economy wide growth in demand in previous years.

    Download the full report and recommendations here

Research - Industry’s Views on Introducing Accreditation / Professionalisation

Key Findings:

  • There is no single door of entry into the cyber security profession: people follow many paths into it including tertiary education, work experience and certificates issued by private companies among others.
  • Prospective employers of cyber security professionals value the following three candidate criteria well above all others: aptitude (ability to learn), work experience and attitude.
  • A candidate’s industry certification, education experience and background trail behind a candidate’s work experience by 40 percentage points.
  • Support for introducing an industry accreditation scheme is mixed.
  • Slightly more than half of respondents wanted some accreditation of the sector to ensure a base level of qualification.

    Please read AISA's Accreditation Research HERE 

 

Board and Cyber Resilience - AISA/AICD Research

Study reveals more needs to be done to improve cyber security reliance

 

 

A new study by the Australian Institute of Company Directors (AICD), in partnership with the Australian Information Security Association (AISA), reveals that while most Australian directors see cyber security as a high priority issue, there is still a lack of formal oversight at a board level.

More than 850 directors were surveyed for the Boards and Cyber Resilience study, investigating board preparedness for cyber security incidents and benchmarking current practice to guide further education initiatives for directors. The survey found that 72 per cent of respondents say cyber security is a ‘high priority’ issue for their board. Recent Director Sentiment Index surveys mirrored this finding with cyber security having moved up to the top-ranking issue keeping directors ‘awake at night’.

Other results that indicate there is still room for improvement in board oversight, include:

  • Around 39 per cent of directors say they have made cybersecurity a specific focus of a board committee
  • 36 per cent of directors say they receive regular reporting on internal training and testing; and
  • Just 21 per cent of directors receive reporting on the cyber performance of key third-party suppliers
  • Only 44 per cent of directors indicate receiving training in cyber risk, and even fewer (23 per cent) have appointed directors with cyber skills

Read the Report - Boards and Cyber Resilience HERE

 

 


State of the Digital Nation: Cyber Security In Australia 2021

 

 

For the second year, AISA commissioned DataDriven to produce a report based on an extensive survey of ICT leaders which was conducted in March 2021 about their organisation’s Digital Transformation (DX) and ICT practices. The resulting report focused on Australian ICT decision makers, with a strong focus on cyber security.

Key Findings:

  • Security threats increase, business and government responds
  • Security cuts across all aspects of life in this country
  • Managing risk and security is right at the top of the business agenda
  • Deployment of security solutions has ramped up
  • Ransomware has got everyone's attention
  • Security spending will be much higher through 2021/2022
  • Cyber security services are also surging
  • E-commerce businesses are more advanced with security
  • COVID-19 has mostly accelerated ICT budgets

Read the study's findings here


 

 

State of the Digital Nation: Cyber Security in Australia 2020

 

To add value to our members' and partners' ongoing understanding of cyber security, AISA has partnered with research company DataDriven for this survey of ICT decision makers in Australia. It is a drill-down into the area of cyber security and related technologies and services through the eyes of the people who manage, deliver and purchase these technologies – the ICT decision makers.

Key Findings:  

  • Cyber security is a business issue not just a technological one
  • Cyber security is top of mind
  • Cyber security is integral to information-processing
  • The Australian Government has made cyber security a national priority
  • Online businesses take cyber security more seriously
  • Technology investments are changing to meet rising threats
  • The rise of zero-trust architecture
  • Covid-19 Pandemic has increased security concerns

Read the study's findings here

Australian Cyber Security Skills and Jobs Study NSW 2020

In early 2020, AISA partnered with NSW Treasury to undertake a research project that would identify potential cyber security skills gaps and look at the impact of COVID-19 on the local cyber security industry.

Read the study's findings here

The Australian Cyber Skills Shortage Study 2016

The study by the Australian Information Security Association (AISA) suggests that the skills shortage is better characterised as a failure of some organisations to resource appropriately, rather than the belief that there are not enough people to fill available jobs. Conducted over four months, the study included a member survey, analysis of job ad’s and interviews with key stakeholders.

Read the study's findings here