“Best practice approaches in organisations to protect against data breaches involve a dedicated training program comprising face-to-face training and e-learning, supported by tools and ongoing communication on how employees can stay safe from evolving threats,” the OAIC said in a report.
Suranga Seneviratne, from the School of Computer Science at the University of Sydney, says periodic cyber-training should be incorporated into organisations’ regular employee training to mitigate the risks of phishing, ransomware, social engineering and business email compromises.
“Of course, human errors have also been observed at the cyber-professional levels, too – and such instances increase the demand for postgraduate training,” he said.
Pushing salaries well into six figures
The 2022-23 federal budget contributed a high level of investment in national cybersecurity and intelligence agency the Australian Signals Directorate (ASD). This includes a $10 billion investment over the next decade in new national cyber and intelligence capabilities. The ASD will get $680 million in 2022-23 and $1.2 billion in each of the following two years, and then $1 billion in 2025-26, say the budget papers.
The shortage of qualified cybersecurity experts is pushing their salaries well into six figures. A survey by jobs website Indeed.com.au reveals that the average annual salary for IT security specialists in Australia is $110,197. The average salary for a director of information security in Australia is $149,017 a year. That is well above average salary levels for other professionals, including solicitors, accountants and other positions such as web developers.
Universities have responded to the rapidly growing need for professionals with cybersecurity skills with new, highly focused postgraduate training.
Demand for postgraduate training
“The increasing numbers of data breaches, attack attempts, as well as regulatory and compliance requirements are increasing organisations’ need for cybersecurity professionals,” Dr Seneviratne says. “Consequently, there is a greater demand for postgraduate training in this area.
“Postgraduate training provides a bird’s-eye view of the cybersecurity landscape. It includes training in strong fundamental skills in cryptography and authentication, as well as secure design aspects that are transferable across companies and sectors.”
Paul Haskell-Dowland, professor of cybersecurity practice at Edith Cowan University, says there have been considerable increases in student numbers in recent years for its cybersecurity courses.
There were almost 1300 students in dedicated cybersecurity courses in 2019, he says.
“In the intervening years we have not seen further growth given the absence of commencing international students,” he said. “But overall numbers have been stable, indicating domestic students have filled the places left by the absence of new commencing international students.
“Experience is critical, but the broad, transferable attributes gained in a postgraduate degree are still highly desirable skill sets for employers. While technical skills are often the most advertised aspect of cyber courses, it is the higher-level analytical skills which ensure that postgraduates have world-ready skills.”