Australia’s cyber security skills gap remains pressing issue

Australia’s cyber security skills gap continues to be a pressing issue that has led to a spate of data breaches, increasing the risk of future cyber security incidents, a study has found.

According to an analysis of the latest Australian census, as well as labour force data by StickmanCyber, an Australian cyber security service provider, there are only 11,387 cyber security professionals holding vital roles such as penetration tester, cyber security engineer, cyber security analyst, cyber governance risk and compliance specialist.

These professionals make up just 3% of Australia’s ICT workforce. In comparison, there are 50,000 ICT project managers in Australia and 7,000 chief information officers. Across the country, there are more than twice as many software engineers in New South Wales than cyber security professionals in the whole of Australia.

Australian businesses also have more ICT than cyber security professionals available to them. According to the study, there’s roughly one ICT worker for every seven companies, but just one cyber security professional per 240 Australian businesses.

To plug the cyber security talent gap, Australia has become dependent on skilled migrants, with 51% of cyber security professionals born outside of Australia.

The gender mix in Australia’s cyber security industry also leaves much to be desired – just 16% of Australian cyber security professionals are women, and only one in 20 penetration testers or cyber security architects are women. “The Australian cyber security industry is growing, but there’s a worrying shortage of technical cyber security skills and very few Australians are in dedicated cyber security roles such as penetration testing,” said Ajay Unni, CEO and founder of StickmanCyber.

“Many recent high-profile breaches are a natural consequence of Australia’s cyber security and technical skills gap,” he added. “Too much of the cyber security burden is falling to IT teams and professionals with a broad knowledge of IT, who lack specialised cyber security expertise. They don’t have the expertise needed to protect a business. There is also a degree of disproportionate trust in technology.”

Noting that there are no quick fixes to the problem, Unni called for Australia to incentivise young people and students to pursue a career in cyber security – especially women.

“Companies also need to improve working conditions and reduce burnout to ensure that people stay in the field,” he said. “In the short-term, businesses that cannot find the skills they need in-house must look to trusted third-party security service providers who have the skills they lack.”

Under Australia’s cyber security strategy for 2026 to 2028, plans are afoot to improve cyber maturity generally, including the development of a diverse cyber workforce.

Proposed measures include aligning migration policy with cyber skill requirements, and guiding employers to target and retain diverse talent, to support the professionalisation of the cyber workforce.