A shortage of job-ready workers
A lack of focus in research and commercialisation
Barriers to growth and export for smaller local cyber security providers
A lack of robust measurement of the sector’s development and economic impact.
The severe shortage of job-ready cyber security workers is a key challenge. It is estimated that Australia may need around 16,600 additional cyber security workers for technical as well as non-technical positions by 2026.
But despite the recent growth in Australia’s core cyber workforce, a substantial number of vacant cyber security positions remain unfilled because companies can’t find the right talents. In a promising sign, the education system has begun to mobilise, with a large number of universities and TAFE colleges launching new cyber security degrees and courses. However, it will take time before this pipeline of graduates is ready to enter the workforce, and even then they may face obstacles because of outdated hiring practices.
In the meantime, Australia’s cyber security sector will need to draw heavily on workers with transferrable skills from other industries, such as the broader IT sector. There are signs that companies could offer stronger training pathways to accelerate the transition of workers from outside the sector into cyber security roles. The section Make Australia the leading centre for cyber security education in Chapter 4 outlines the most promising ways to address these bottlenecks, including stronger partnerships between training institutions and businesses.
Strong research and development (R&D) is the backbone of a thriving cyber security sector. Customers in cyber security, more than in other industries, rely on technological innovation to effectively protect their digital assets from adversaries. Australia’s public spending on cyber security R&D and efforts to foster research collaborations between universities and businesses – viewed as crucial for a vibrant, innovation-driven industry – lack focus and lag other leading cyber nations such as the US and Israel. There are also signs that Australian cyber security startups face greater difficulty to commercialise innovative ideas than their global peers, due to a lack of early-stage venture capital. The section Growing an Australian cyber security ecosystem in Chapter 4 offers some solutions to overcome this challenge, including concentrating Australia’s cyber security research efforts on a small number of topics that match existing strengths and support the three focus segments.
The third challenge is overcoming market barriers that hamper local companies in their efforts to scale their operations and become leading exporters. Many startups lack a clear understanding of customer needs. Many also lack the credibility to win government agencies or large private businesses as anchor customers. GovPitch, an initiative by AustCyber launched in 2017, is removing some hurdles for small companies to become government contractors. However, complex procurement processes in the public and private sector may prevent smaller companies from scaling their operations. The section Exporting Australia’s cyber security to the world in Chapter 4 outlines a range of strategies to tackle these issues, such as relaxing current procurement procedures.
Measuring the cyber security sector is emerging as another important challenge to its continuing development. Despite the growing recognition that cyber security is an essential pillar of the modern economy, there is a significant gap in our understanding of the size and development of the sector, as well as its impacts across the economy at large. This blindspot is due to the twin challenges of poor-quality data and the analytical difficulty of measuring cyber security capabilities embedded within many organisations across all sectors of the economy, in addition to those firms in the ‘vertical’ cyber security sector itself. The section Provide robust measurement of the sector’s development and impact on the Australian economy in Chapter 4 outlines some actions to tackle these issues over the short and long term, such as launching a measurement program that is both credible and easily repeatable.