AISA research report

No content found

Executive overview

Nearly 78% of AISA survey respondents agree or strongly agree that there is a shortage of qualified cyber security workers for available positions in Australia. 

But what does this really mean?

Further analysis suggests that the cyber security skills shortage in Australia may be better characterised as concern about ensuring future capacity, of developing and maintaining a strong pipeline of appropriately skilled cyber security workers to meet the future needs of Australian organisations of all sizes, rather than a current state of chronic shortage of supply versus demand.

Member feedback and other findings suggest that many entities do not appreciate the need for security capability.  Other entities, who are unable to find professionals with the skills required, are electing to either leave positions vacant or fill them with more junior or less skilled staff. As a result, it is likely that many organisations are putting the security of their data and systems at serious risk. 

Some members saw this as a consequence of the Australian cyber security skills market being comparatively immature:

I have worked in the US and Europe for over 15 years and the Chief Security Officer reports to the CFO or board. Most Australian organisations are still operating as if it’s the 1990's with a CISO reporting to the CIO. This is your problem, unless that is fixed security will never be taken seriously!

AISA Member comment


The shortage of cyber security workers in Australia may become an increasingly urgent issue as organisations look to increase their cyber security capacity and capabilities over the coming years.

It remains to be seen whether, in response to limited availability of appropriately skilled workers at an acceptable price, organisations will choose to invest in developing and retaining suitably skilled staff or turn to contractors, consultancy organisations and outsourced service providers for the specialised security skills they require.  

‘The cyber security industry is going to (continue to) evolve rapidly over the coming years, automation will replace some job types, new technologies and, business culture will demand more of generalist and business facing skillsets. Mature cyber security professionals will need to adapt, and organisations/government/education industry will need to better prioritise technical and professional development curriculums for younger and mature age professionals.’

AISA Member comment


For many, this is an opportunity for Australian cyber security workers to get ahead of the curve, provided they are agile and able to adapt to a rapidly changing environment.

‘This is a pervasive and holistic issue. Australia is on the cusp of a digital revolution that has already hit the rest of the world. As the world changes and everything is connected and integrated, our preparedness as a nation will place the economy at extreme risk. Without the people with skills to address these risks, we are doomed to failure.’

AISA Member Comment

No content found

No content found

No content found