The Fallout: What impact has the cyber skills shortage had on industry salary trends and retention?
The cyber security skills shortage' has been a hot topic over the past few years. For those who mightn't be familiar with the phrase, it refers to the gap between the demand for highly-skilled and experienced cyber professionals and the supply in the industry.
For context, AustCyber's Australia's Cyber Security Sector Competitiveness Plan 2023 states that, "in Australia, there were more than 12,500 unfilled Dedicated cyber security jobs in 2023. In fact, the labour shortage in the global sector keeps growing - with the gap now twice as strong as the workforce."
Throughout 2020-2024 we have witnessed this shortage of cyber security experts push the salary trends up and up, well into six-figures. Aust Cyber has cited that "the average salary for a cyber security role is estimated at AU$123,160, with those employed in the public sector receiving a marginally lower salary of AU$119,694, compared to private sector counterparts at AU$124,331."
So what has this meant for the industry?
It means that many organisations have faced recruitment challenges in the sector. According to IT Brief, "60% of global IT and cybersecurity leaders find difficulties hiring qualified candidates." With candidate salary expectations so high and the need for cyber assistance equally high, numerous companies have found themselves in difficult situations. For those who can't find the skilled experts that they need, some have simply bitten the bullet and settled on under-qualified staff with a view to upskill them. While others may have unknowingly hired employees who have oversold their abilities and are now dealing with the repercussions.
So what's the fall out?
Some companies are having to come to terms with burnt out highly-qualified professionals, unfilled jobs or overpaid and under-skilled employees. None of which are ideal. The former are leaving the workforce or struggling with the pressure of being in such difficult and unsupported roles. A survey by VMware showed that "47% of cyber employees have experienced stress and burnout." Furthermore, the survey indicated that 69% of these employees had thought of leaving their jobs due to burnout and stress.” (Guardrails: Stress and Burnout in AppSec Teams).
The under-qualified candidates demanding large salaries are also potentially risky, putting organisations under financial pressure and exposing them from a security standpoint if they aren't up to the task.
So with cyber threats on the increase and in turn the need for skilled professionals on the rise, where is the industry headed?
The sector has an emerging cohort of cyber professionals who are eager to sink their teeth into roles, but there needs to be a sustainable approach to growth. For younger professionals, a sense of sensibility around salary expectations will allow the industry to grow, however the industry may start to self-regulate as the shortage slowly shifts to a glut of developing cyber talent. For existing cyber security experts, we need better support for and understanding around how to mitigate burnout and encourage better work life balance. This could look like managed security services for off hours, more flexibility, looking into automating mundane tasks as well as job rotation options.
If you’d like any information about how to hire cyber security talent of all levels for your organisation, get in touch with the Decipher Bureau team. With offices across Brisbane, Sydney, Melbourne and Canberra - and an experienced team around the world, we’d love to help you out.