5 takeaways from the Global State of Cybersecurity 2024

On October 10, 2024, together with ISACA we hosted an Industry Insights webinar featuring Jo Stewart-Rattray, ACS Vice President of Communities, and Jon Brandt, ISACA’s Director of Professional Practices. The session explored key insights from Global State of Cybersecurity 2024 Report providing a deep dive into trends shaping cybersecurity and offered actionable guidance for professionals and organisations alike.

Here are the five most important takeaways:

1. Workforce Dynamics: Aging Professionals and Long Hiring Cycles

A key finding is the aging cybersecurity workforce. Professionals aged 45-54 now outnumber younger ones, raising concerns about talent pipeline sustainability. Despite many entry-level roles being available, it often takes three to six months to fill these positions, even though they don’t require prior experience.

Jo Stewart-Rattray stressed the importance of rethinking how organisations attract and onboard early-career professionals and career changers. Jon Brandt emphasised that apprenticeship programs and hands-on training are essential to bridging the talent gap and building a sustainable workforce.

 

2. Soft Skills Are Critical in Cybersecurity

While technical skills like coding and network security are essential, both speakers emphasised that soft skills are equally crucial. Cybersecurity professionals must communicate technical insights effectively, collaborate across teams, and make quick decisions under pressure.

Key soft skills include:

  • Communication: For writing reports, delivering briefings, and explaining complex issues to non-technical audiences.

  • Critical thinking: To identify patterns, analyse threats, and make decisions in high-pressure situations.

  • Empathy and collaboration: Vital for fostering trust and promoting security awareness across the organisation.

Jo explained, it’s not just about configuring firewalls or detecting threats—being a good communicator and critical thinker is just as important in our field.

 

3. AI in Cybersecurity: A Double-Edged Sword

AI is becoming indispensable for automating threat detection, endpoint management, and incident response. However, Jon warned that malicious actors are often quicker to adopt AI than defenders, increasing the sophistication of attacks.

Organisations must integrate AI solutions, but it’s equally important to have skilled professionals who understand normal traffic patterns and can spot anomalies, Jon explained. While AI can enhance security operations, it cannot replace human expertise.

The rise of AI also poses challenges for entry-level professionals, as many junior tasks are now automated. The speakers emphasised that apprenticeship programs and on-the-job training are essential to help new professionals gain practical experience and succeed in the field.

For a deeper dive into AI governance, check out the joint policy response ACS and ISACA provided to the Australian government.

 

4. Shrinking Budgets Amid Growing Security Threats

Despite the increasing complexity of cyber threats, many organisations are facing tighter budgets. The report revealed that companies are cutting professional development spending and reducing their reliance on external consultants, placing more pressure on internal teams.

Jo highlighted that many professionals now cover their own certification and training costs, creating additional financial burdens. Jon stressed that organisations must focus on building resilient in-house teams and view professional development as essential rather than discretionary.

Investing in staff development is crucial—cyber professionals need to stay current with new tools, compliance requirements, and attack trends. Without adequate training, organisations risk burnout and reduced effectiveness in responding to threats.

 

5. Cyber Insurance: Not a Silver Bullet

The webinar also explored the role of cyber insurance. While insurance can provide financial protection, many organisations assume it guarantees coverage. In reality, insurers often require evidence of proactive security measures to approve payouts.

Jo explained, Just like house insurance, cyber insurance is necessary but conditional. If your defenses are inadequate, insurers may refuse to cover breaches. Organisations must carefully review their policies and ensure compliance with all conditions to avoid gaps in coverage.

The report also found that many respondents, particularly in Australia and Oceania, were unaware of their cyber insurance policy details, creating vulnerabilities. Rising premiums further complicate matters, especially for small and medium-sized enterprises. Organisations must balance insurance costs with investments in cybersecurity infrastructure and staff training to maintain effective protection.

 

Conclusion: Stay Ahead in a Dynamic Industry

The Global State of Cybersecurity 2024 Report highlights key challenges, including workforce dynamics, AI risks, shrinking budgets, and the complexities of cyber insurance. Professionals must develop both technical and interpersonal skills to stay relevant, while organisations need to invest strategically in talent development, risk management, and compliance.

ACS and ISACA provide valuable resources to help professionals navigate these challenges. For those who missed the webinar, the full recording offers further insights into trends shaping the future of cybersecurity.