A third of companies have no in-house security capabilities: Gartner

Fully a third of organisations have no cybersecurity expertise inhouse, according to a new survey that highlights the ongoing difficulties caused by Australia’s cybersecurity skills crisis.

Although 95 percent of CIOs expect the level of cybersecurity threats to increase over the next three years, just 65 percent of those organisations currently have a cybersecurity expert, Gartner’s 2018 CIO Agenda Survey – conducted amongst 3160 CISOs in 98 countries – revealed.

Businesses are increasingly investing in cybersecurity detection and response capabilities, with 60 percent of security budgets expected to be allocated to this area by 2020 and 36 percent of respondents actively experimenting with the technology or planning to implement it in the short term.

Yet budgets are only one part of the solution, Gartner research director Rob McMillan said in a statement. “Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” he explained.

“Raising budgets alone doesn’t create an improved risk posture. Security investments must be prioritised by business outcomes to ensure the right amount is spent on the right things.”

Yet while spending on cybersecurity expertise would seem to be a no-brainer, the large number of companies without formal inhouse expertise suggests another ongoing, underlying challenge in finding and securing those skills within the current competitive market.

The recently released Australian Computer Society (ACS)-Deloitte Digital Pulse Report 2018 paints a bleak portrait of the supply of suitable cybersecurity skills, with demand for ICT workers expected to surge from 663,100 last year to 758,700 workers by 2023.

Cyber security “is an area where Australia can take a leading role,” the analysis concluded. “Investing in our cyber capabilities will raise our overall security and create new opportunities for innovation, job creation and economic growth.”

Improving the cybersecurity skills situation will require a co-ordinated national effort rather than the piecemeal state-based approach practiced to date, the report proposes while recommending “creative approaches” to building high-demand ICT skills such as cybersecurity, data science, and mobile development.

Such approaches were necessary to continue Australia’s strong position in cybersecurity despite the country coming third in the ITU’s cyber capabilities ranking, and OECD figures suggesting Australia has the world’s sixth-highest proportion of ICT graduates as a share of total graduates (3.77 percent).

Seeking to bolster these figures, the government this month launched its Global Talent Scheme pilot program, which offers streamlined visas to improve access to in-demand cybersecurity and other skills.

“The demand for digital skills in our economy is exploding,” said ACS president Yohan Ramasundara in a statement.

“The growth of artificial intelligence, automation and the internet of things is driving significant disruption across all industries, and highly trained ICT professionals are in more demand than ever before. If we want to be competitive in the world economy, we need to invigorate the education and training sectors to increase Australia’s ICT talent pool.”