Pages

Thursday, September 15, 2022

Cyber skills shortage ‘to hit 30,000 in four years’

 This piece makes the case for crime reductionas a cause area, as a complement to general criminal justice reform. The argument is structured as follows. The first section lays out the total cost of crime in the United States, chosen as a relatively tractable example in the developed world, and argues that reductions are desirable under any reasonable social welfare function. The second section sets out reasons why crime may be more tractable than suspected, with particular emphasis on the distribution of offences and characteristics of offenders, and potential alterations to the physical environment to deter crime. The final section addresses existing work in this field, and makes the case for Open Philanthropy joining the fray.

The costs of crime



Cyber skills shortage ‘to hit 30,000 in four years’

Max Mason
Max MasonSenior reporter

Huge surges in cybercrime, including ransoming, fraud and data theft, will leave Australia 30,000 cyber professionals short over the next four years of what is required to cover the security needs of the country, according to new research.

John Paitaridis, chief executive of BGH Capital-backed cybersecurity firm CyberCX, is optimistic the skills gap, larger than previous commentary has forecast, can be filled. However, it will require heavy lifting.

Over the next four years, the shortfall in qualified cybersecurity professionals is forecast to hit 30,000 unfilled positions across Australia. This is four times the number has been quoted by industry and industry groups previously,” Mr Paitaridis told The Australian Financial Review.

“Most of those estimates really were formed around that pre-2019 time frame and don’t reflect the significant surge in cybercrime and cyber risks more broadly, that’s driven by ransomware, data theft, extortion, and also really amplified and exacerbated through this pandemic.”

The figure is revealed in new research commissioned by CyberCX and undertaken by independent think tank Per Capita.

Cybersecurity skills are now in shorter supply than cloud computing and cloud infrastructure, and Australia faces a fight for talent from more developed markets in the US, UK and Canada, the report said.

Graphic: Cybersecurity workforce requirement and shortfall forecast

It also noted the anticipated growth in workforce shortages in Australian cybersecurity, database management and ICT (information and communications technology) security exceeds 38 per cent, outstripping forecasts for care and software development.

The report said the current Australian cybersecurity workforce was around 68,400.

Collective effort required

“Domestic and international evidence put the current shortfall at 25,000-30,000 positions that will be needed by 2024. Both estimates appear to be derived soundly, with the [National Skills Commission] estimates based on ABS Labour Force Survey data,” the report said.

Mr Paitaridis said he was not going to be “alarmist” and believed the issue could be solved through a collective effort of government, industry, and academia across TAFE and universities.

One of the glaring gaps that needed to be tackled was the gender distribution of cybersecurity workers. According to the NSC, women make up just 21 per cent of the workforce.

“That’s a big lever for us to try and unlock,” Mr Paitaridis said.

He said universities and TAFE had been doing heavy lifting in terms of bringing qualifications and curriculums up to date. However, graduates were not job-ready and completion rates in TAFE, particularly in ICT engineering, were declining.

“We don’t only want to point to the CyberCX Academy, although we’re enormously sort of proud of it. But those integrated workplace models are about intensive programs, you don’t have to go through a three-year course or a five-year course,” he said.

“Within six months we can take a candidate – whether they come from university, TAFE, or they come from mid-career from virtually low levels of zero proficiency – to get on the tools and actually be able to work on cybersecurity tasks and roles and activities and projects.”

Max Mason covers courts, insolvency, regulation, financial crime, cybercrime and corporate wrongdoing. He joined the masthead in 2013 and has held a number of roles, including media editor and telecommunications reporter. He is based in Sydney.Connect with Max on Twitter. Email Max at max.mason@afr.com