How investment in a cyber-smart public sector will help our post-COVID economic recovery
How investment in a cyber-smart public sector will help our post-COVID economic recovery
by Nicola Nicol
Share this article
The COVID-19 pandemic has accelerated the online transition: we are working, shopping, accessing essential services and connecting with each other online more than ever as the virus forces us to socially distance to remain safe. Even as global travel has been scaled back dramatically our world has never been more interconnected, and with it our reliance on the internet for our prosperity and to maintain our way of life.1
With the increase in digitisation, there has been a corresponding increase in the threats to our online security from cyber criminals and state-sponsored attackers – who seek to exploit our increased reliance on the digital environment to steal money, personal data and intellectual property, as well as targeting the infrastructure essential to our way of life.
PwC's Digital Trust Insights 2021 report showed Australian executives are anticipating a higher likelihood and higher impact of cyber attacks in the year ahead than their global peers. The report also shows that in the first three months of the pandemic, cyber attacks increased by 65%.
As we rebuild our economy in a post-COVID world, there is a new sense of urgency to build confidence and trust in critical citizen services and improve the security fabric for Australia. Direct investment in improved Cyber resilience will assist in our economic recovery by:
- protecting against the risk and impact of an attack. PwC estimated the financial cost of cybersecurity data incidents in Australia to be approximately $7.6 billion in the Financial Year 2019-20.
- driving growth. Businesses have the opportunity to make capital investment in technology solutions and create new, meaningful jobs in cyber where there is a skills shortage (estimated 17,000 new roles will be needed in AU over the next 3 years)
Government can take a leading role in this recovery in a number of ways. By enabling and empowering individuals and industry to protect their businesses, homes and information, by increasing partnerships with the private sector and improving cross industry collaboration and by enhancing security practices across the Australian Public Sector.
Constructing a cyber-smart workforce for the Australian Public Sector will be a challenge but also a tremendous opportunity to lay critical foundations to support a more rapid economic recovery.
Hiring 21st century skills
Recent data suggests that in 2021, around 3.5 million cybersecurity jobs, globally, are expected to go unfilled, with 40% of organisations planning to grow their security teams in this coming year whilst twenty-eight percent foresee a decrease in staff numbers.
When considering how to change or build a security team, leaders and hiring managers should think about what skills are required in the 21st century. The roles and functions of cyber personnel have changed over time, expanding from IT security roles, to take into account digital, business and social skills. Cyberspace is permanently contested by intelligent aggressors, and requires personnel to be able to anticipate, respond and out-manoeuvre adversaries to protect the organisation.
Employers feeling the pinch of the cybersecurity skills gap may find much talent in their own backyards. Organizations are hiring from within, offering upskilling to increase current employees’ skills in the same key areas they’re hiring for.
The $26.5 million investment through the Cyber Skills Partnerships Innovation Fund will help by encouraging businesses and academia to partner together to improve our skills pipeline.
Creating a security conscious workforce
The rise of remote working is also blurring the lines between work, home life and caring responsibilities. This has a notable, and understandable, impact on our levels of concentration and ability to make optimal decisions. Remote working has also changed the way we approach personal security: many people leave their computers unlocked at home, as well as using more non-enterprise devices and software for work, unwittingly creating vulnerabilities.
To prepare, organisations should:
- review their current cyber awareness, training and communication strategy to align it with business and technology strategy changes that address the long term requirements of a new hybrid workforce.
- communicate clearly how the cybersecurity function is supporting the change in approach given people’s day to day work life.
- reduce uncertainty by providing greater visibility on cybersecurity to the board and management using business-focused cyber metrics and reporting frameworks.
- make sure employees know what behaviours are expected and what resources are available to support them. For example, expectations of front line staff will be different to back office staff, or onsite versus remote workers.
Leverage strategic partnerships
Budgets are finite, so government agencies should invest in those skills that deliver the greatest ROI and make strategic choices to source or co-source specialist skills where needed.
With a shortage in cyber talent, organisations should consider investment in capability that removes the reliance on human capital. For example, by investing in artificial intelligence, it might be possible to remove some exposure to the global skills shortfall, while also freeing up scarce resources to focus on higher end tasks. Partnership with reputable managed service providers also provides a way to balance reliance on specialist skills.
Government agencies are well placed to work together to share ideas, resources and establish partnerships to better leverage highly skilled cyber professionals.
Menu