Australia’s CISOs Face Danger of Own Goal
- By CDOTrends editors
- May 01, 2023
Just as football goalkeepers face the immense pressure of protecting their team's net, chief information security officers (CISOs) face the growing challenge of defending their organizations against cyberattacks. In Australia, the situation is particularly dire, as a lack of skilled cybersecurity professionals and high stress contribute to an increased attrition rate following data breaches.
A recent global study by Trellix, The Mind of the CISO, reveals that 45% of Australian CISOs reported significant attrition in their security operations teams after a major security incident. This number is slightly higher than the global figure of 43%. With an ongoing cybersecurity skills gap, Australian companies struggle to replace departing employees, making it even more challenging for CISOs to prevent and manage cyber incidents.
The study highlights that 40% of Australian CISOs consider the lack of skilled talent a primary challenge, significantly higher than the 34% global figure. This suggests Australia's cybersecurity industry will need 30,000 additional professionals by 2026 to close the gap and replace lost employees.
Trellix ANZ managing director Luke Power emphasizes the pressure CISOs face, often feeling "unheard, invisible, and unsupported." A U.K. financial services CISO's statement further illustrates the football goalkeeper metaphor, explaining that when a cyberattack slips through the cracks, the CISO's head is suddenly "on the chopping block."
Despite the mounting pressure, Australian organizations continue to grapple with staffing issues related to skilled visa policy changes and gender imbalance. Meanwhile, a recent Surfshark analysis ranks Australia fourth in the world for cybercrime density, with 106 cybercrime victims per 1 million internet users.
The disparity in attack densities across countries implies that hackers target some nations more than others. Cybercrime costs the world around AUD1.79 million (USD1.18 million) per hour. This high-stakes environment is further complicated by CISOs relying on fragmented and numerous cybersecurity tools, which fail to provide an effective defense.
Organizations typically allocate 34% of their IT budget to cybersecurity. However, most of this funding targets network detection and response, with an average annual investment of AUD10 million. As a result, businesses often overlook strategic investment, maintaining a reactive approach.
Trellix's Power warns that inadequate cybersecurity tools exacerbate the challenges of high attrition rates. He stresses the need for immediate action across all sectors to counter cybercriminals, revolutionize security operations strategies, and break down barriers preventing critical data protection for a safer future.