SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
A lack of commitment from Australian organisations to cybersecurity training is holding us back
Tue, 25th Aug 2020
FYI, this story is more than a year old

Despite the Australian government's recently released 2020 cybersecurity strategy highlighting cybersecurity as a priority area for skills growth, Australian organisations are not focusing sufficient resources on skilling their workforce, which is exacerbating the existing cybersecurity skills shortage.

This was revealed in a recent DDLS survey, ‘Staying ahead of the Technology Curve, Now and in the Future'. The survey shined the spotlight on current trends in the ICT training and certification space, and the key opportunities and challenges for delivering training to the market in the next few years.

In the survey, respondents were asked to describe their organisations' proposed investment in ICT projects in the next 12 months, with 48% of respondents expecting an increase in spending in this area. When asked about their investment in ICT training, however, only 34% of respondents expected an increase in spending.

This data reveals an alarming gap between Australian organisations' expenditure on ICT projects and their spending on training employees in ICT processes. The unwillingness to invest equal time and effort into training employees is exacerbating the existing skills shortages in Australia within the cybersecurity industry, as well as cloud computing.

The survey also gave an overall picture of training priorities in Australian organisations, which revealed more about the lack of focus on cybersecurity training. The most in-demand training areas reported are currently IT infrastructure and networks (21%), cloud computing and virtualisation (17%), and ITIL and dev-ops (16%).

Cybersecurity training did not even make the top three training investment areas. Yet, throughout the survey, it was clear that respondents highly valued cybersecurity expertise, with 77% reporting cybersecurity awareness as ‘extremely' or ‘very important' to their business.

Everyone wants and needs highly skilled cybersecurity professionals - but there aren't enough to go around. Australia needs approximately 17,000 additional cybersecurity workers by 2026, according to AustCyber. Until Australian organisations prioritise training and development of their staff in this area, we will struggle to meet that target.

It's no secret that the most effective way for organisations to tackle the shortages of skilled workers is by investing in training and certification for their staff. 93% of IT decision-makers agree that the value certified professionals bring to their organisations far outweighs the cost of training them, so what's the hold-up?

Following the recent string of cyber-attacks on Australia and the government's boost to cybersecurity funding, there exists a significant opportunity and responsibility for all organisations, regardless of their sector, to invest in cybersecurity training and certification for their staff.

The survey also yielded some interesting information regarding preferred training formats and the accessibility of training for organisations, and how this has changed as a result of COVID-19.

While respondents reported the most effective training method to be instructor-led training in the classroom, the survey found a growing interest in online training formats. 66% of organisations who currently opt for ‘blended training' (mix of instructor-led and online training) said their training spend would move towards fully online training in the future, spurred by the onset of COVID-19 social distancing measures.

The survey also revealed that one of the top barriers to accessing training was giving staff time out of the office (59%). This perceived barrier to training can be counteracted by online training formats, which often don't require time out of the office and can be delivered remotely outside of office hours.

There is a significant opportunity here for training providers to recognise this common barrier and introduce more online training formats in the future to ensure they satisfy all organisations' needs and requirements.

Promisingly, the survey reinforced that those organisations that invest in training and certification for their staff are willing to make an ongoing commitment. 56% of respondents reported their employees attended at least three or more courses in the space of 12 months, indicating interest in long-term training in many organisations, rather than one-off certifications.

The survey data proves that certification is inherently valuable to organisations. Australian organisations will be responsible for ensuring the nation has the right skills to support the growth of the cybersecurity sector.