Australian cyber security workers are more stressed than their international peers, with an increasingly complex threat landscape and continual under-resourcing impacting their mental and physical health, a new report has found.
The State of Cybersecurity 2024 report, produced by international tech professional association ISACA, reveals stress is growing for cyber workers around the world, and that most don’t feel ready to combat the growing risk of a cyber-attack on their organisation.
Based on a survey of 1,868 cyber security professionals from 102 countries, including Australia, the report revealed Australian cyber security workers are feeling more stressed in their jobs than their counterparts around the world, with 66 per cent of respondents saying that this stress is “much higher” than five years earlier.
The majority of respondents – more than four in five – attributed this increase to the increasingly complex threat environment.
Compared to cyber workers around the world, Australians reported lower budgets, higher hiring and retention challenges, and a more significant lack of prioritisation of cyber security risks.
This is compounded by a lack of resourcing for cyber security teams, with the survey finding that nearly half of all respondents thought their company’s cyber security budget was underfunded, and only a third expecting these budgets to increase in the coming 12 months.
For many Australian cyber security professionals, this stress has become so significant that they are considering leaving their jobs.
Of those who had recently left their job, 60 per cent of Australians reported high stress levels as the main reason, compared with 46 per cent globally.
Australian organisations must do better at managing the stress of their employees, ISACA director, professional practices and innovation Jon Brandt said.
“Employers should hone in on the occupational stress their digital defenders are facing,” Brandt said.
“This is an opportunity for employers to explore ways to support staff before burnout and attrition occur.”
ISACA and ACS last month extended an MoU to further work together. [L to R]: ACS CEO Josh Griggs; Jo Stewart-Rattray, Vice President of Community Boards, ACS, and Oceania Ambassador, ISACA; and Erik Prusch, CEO of ISACA. Photo: Supplied
Constant vigilance
Despite these results, the report found that Australian organisations are experiencing slightly fewer cyber security attacks than other countries, with just under 30 per cent experiencing increased attacks compared with 38 per cent globally.
This doesn’t mean that Australian organisations can become complacent though, ISACA Oceania ambassador Jo Stewart-Rattray said.
“Despite a lower number of respondents reporting cyber-attacks in Australia than in other parts of the world, we know that each attack is increasing in complexity, requiring even more effort, energy and intelligence by cyber professionals,” Stewart-Rattray, who is also vice president of Community Boards at ACS, said.
“Staying ahead of new technologies and digital weapons is all-consuming and this certainly explains why cyber pros in Australia are feeling increased stress in their jobs.”
The survey also revealed that while more than half of the Australian respondents expect a cyber-attack on their organisation in the next year, just 32 per cent have a high degree of confidence in their team’s ability to detect and respond to these attacks.
Stewart-Rattray said this was “concerning”.
“It highlights the urgent need for ongoing education and training to keep pace with evolving threats,” she said.
“Knowledge, preparedness, and teamwork remain integral to preserving digital security.”
A number of other reports have found that Australian workers are stressed, burned out and unsatisfied with their current jobs.
Last month, ACS and ISACA announced they were extending a Memorandum of Understanding (MoU) between the two organisations to collaborate on training and credentialing, advocacy to governments and agencies, expanded conferences and events, and joint research efforts.
Earlier this year it was revealed that this workplace stress, coupled with a lack of funding, led some cyber security professionals to moonlight as dark web cyber criminals, according to the Chartered Institute of Information Security.
This stress and fatigue is also serving to increase the risk of cyber-attacks, with another study finding that staff fatigue and burnout was contributing to one in five data breaches.
Stress levels are on the increase across the Australian workforce, with more than a third of Australian workers reporting lower mental health levels compared to six months prior, and 37 per cent reporting decreased levels of engagement and sense of belonging.
