CISOs sidelined as Australia’s buoyant IT-security jobs market focuses on consultants

Companies building cybersecurity armies rather than appointing executive overseers

CISOs may still be relatively hard to find within still-maturing Australian companies, but other types of IT-security consulting roles are expected to lead Australia’s jobs market over the next few years, according to newly released employment figures.

Recent figures from the BDO Australia Cyber Security Survey 2016, found that just 18.7 percent of the more than 400 surveyed companies have, or plan to have, a senior management role responsible for cyber security.

This compounded Australian businesses’ glaring lack of preparedness in other cybersecurity-related areas: just 41 percent of the surveyed companies have a cyber-incident response team ready to respond when security incidents happen, while just 21 percent have a security operations centre (SOC) in place to detect and respond to security incidents.

These are relatively low figures given the growing awareness of the potential reputational, operational and financial impacts that cybersecurity incidents can “inflict on an organisation”, the report’s authors said, noting that cybersecurity attacks on small companies, in particular, were underreported but were just as crucial to address.

“The size, type or function of an organisation matter very little when it comes to the customers’ expectations about cyber security,” the authors noted. “Cyber security incidents can impact on an organisation’s core infrastructure, disrupt its ability to function or simply take it completely offline.”

“When a cyber security incident directly impacts the organisation’s ability to operate due to a complete loss of access to systems or the destruction of digital assets, some businesses simply cease to exist.”

Despite the low penetration of CISOs within the surveyed companies, the appointment of more such executives was among the lowest of 25 priorities in which companies’ security plans were evaluated: just 10.8 percent of companies said they were planning to appoint a CISO within the next 12 to 24 months, while more than 70 percent said they had no plans at all for a CISO.

The results suggested a much stronger focus on lower-level, more directly-responsive cybersecurity skills: for example, 23.5 percent of the companies BDO surveyed said they would implement a cybersecurity incident response plan within the next 12 to 24 months, while 22 percent were planning a cybersecurity incident response plan.

The proportion of companies with a formal SOC would nearly double in that timeframe, to 41 percent of companies, while 24.3 percent were taking measures to improve cybersecurity risk reporting to business executives. And some 22.4 percent of companies said they would formalise a cybersecurity policy during that time.

Those priorities reflect growing demand for IT security skills that were also reflected in new figures from IBISWorld, whose latest employment-growth indicators showed online shopping, IT security consulting, and data storage services as the industries with the strongest employment growth over the five years through 2021/22.

Those industries were pegged to enjoy 7.5 percent, 6.0 percent, and 5.9 percent annualised growth, respectively, during the period. The IT security consulting industry would employ 22,193 professionals by 2021/22, IBISWorld senior industry analyst Nathan Cloutman concluded, as businesses soak up specialists set to leverage improvements in digital security, counter-threat technologies, artificial intelligence software and the national broadband network (NBN) rollout.

The NBN would also drive growth in the data-storage services market, Cloutman said in a statement: “Surging demand for online data storage solutions is forecast to drive the number of enterprises entering this industry,” he explained. “This is positive news for cloud management consultants, data centre managers, storage design consultants and storage engineers.”

Industry association CompTIA’s latest IT Employment Tracker identified similar trends in the US market, where a low 2.9 percent unemployment rate for IT occupations reflected ongoing demand for business-relevant skills that saw around 200,000 IT jobs created in that country during 2016 – some 79,500 of which were in the IT and software services area.

US IT-related employment during this year was well above year-ago levels, highlighting the growing demand in the wake of digital transformation efforts and growing awareness of the need for better information security.

Security-related positions, particularly in dealing with new risks around cloud computing and the Internet of Things (IoT), were going to drive “on-going demand for seasoned professionals with these skill sets,” CompTIA board member Quy Nguyen said in a statement.

“IoT has tremendous momentum, cloud is constantly evolving and security risk is a formidable concern for every business. These three components will be a major driving force for quality talent and long-term job security."

Tags CISOsIBISWorldCSO AustraliaAustralian companiescybersecurity incidentsDavid BraueIT-security consulting rolesBDO Australia Cyber Security Survey 2016

Show Comments