An exponential escalation in cybercrime has left many organisations feeling suffocated by the anxiety of becoming the next headline for all the wrong reasons. In FY 2023-24, Australians lodged over 87,400 cybercrime reports with ReportCyber—equating to one incident every six minutes. Losses are mounting too: the average cost per incident has risen to ~AUD $30,700 for individuals and ~AUD $49,600 for small businesses. Beyond the numbers, survey data shows widespread victimisation: in 2024, around 27% of Australians experienced online abuse or harassment, 22% identity crime, and 21% malware infections.

The challenge is amplified by a severe shortage of cybersecurity professionals. Australia’s digital workforce surpassed one million workers in 2024, yet forecasts show demand will climb to around 1.3 million by 2030. Cybersecurity in particular faces critical gaps, with an estimated 3,000 additional specialists needed by 2026. This talent squeeze means organisations are often unable to hire, retain, or afford the expertise they require, even after exhausting their recruitment budgets.

A natural response to these challenges is to engage a Managed Security Service Provider (MSSP). Outsourcing targeted functions such as penetration testing or running a Network Operations Center has become a common industry practice. But (there’s always a but) outsourcing inevitably involves surrendering some control to a third party. This can open the door to new risks—exposure to vendor vulnerabilities, shifting compliance obligations, and the possibility of escalating costs if service rates rise or regulations demand moving services back in-house.

This is precisely where Business Analysis proves invaluable. By applying structured analysis and stakeholder engagement, Business Analysts can:

• Identify which security functions are better managed externally versus in-house.
• Define processes for onboarding and offboarding vendors to minimise disruption.
• Maximise the benefits of MSSP services by aligning them with business priorities.
• Map how organisational data flows to and from third parties.
• Translate technical risks into business risks for executive decision-makers.
• Foster shared understanding between cybersecurity specialists and the business.

The result is not just greater resilience but also clearer, more strategic use of scarce cybersecurity resources.

At Business Analysis (BAPL), we are committed to helping our clients succeed with their software initiatives, products, and projects. As a solution-agnostic consulting practice, we bring a proven track record, broad domain knowledge, and rich experience captured in our case studies. Our mission is to deliver Business Analysis as a Service, ensuring organisations get the most value out of every technology and cybersecurity investment.

Want to know more about how a Business Analyst can create value in a cybersecurity project? Write to us at info@business-analysis.com.au and we’ll share our infographic detailing the role of a Business Analyst in cyber initiatives.

References

• Australian Institute of Criminology. (2024). Cybercrime in Australia 2024 (Statistical Report 53).
• Australian Cyber Security Centre. (2024). Annual Cyber Threat Report, July 2023 to June 2024.
• Australian Computer Society. (2024). Digital Pulse Report.
• Department of Finance (Australian Government). (2024). Digital and Data Workforce Strategy – Current State