Assessing Australia's Cybersecurity Landscape

The Australian government has identified cyber security as one of the six industry sectors considered vital for the long-term prospects of the Australian economy. Cyber teams need to be better integrated into the business as Australian companies don’t fare as well as those globally.

Strong demand in Australia for cyber security services stems from many public and private companies lacking the internal expertise to adequately and comprehensively secure their IT assets. 

The narrative emerging in Australia unveils a striking trend. In numerous instances over the past three years, almost 9 out of 10 Australian companies have reported a cyber breach.

According to a PWC survey, approximately 64% of local organisations incurred losses costing more than $1.57 million. Apart from financial ramifications, 49% of respondents express concern over the potential loss of customer, employee, or transaction data, while 43% worry about brand reputation damage, including the erosion of customer trust.

The Australian government witnessed a substantial upsurge in its cybersecurity sector, unveiling a fresh funding package totalling $387 million as a component of the nation’s seven-year cybersecurity strategy.

Outlined within the new strategy are plans to cultivate six "cyber shields" encompassing robust businesses and citizens, secure technology, advanced threat sharing and blocking capabilities, safeguarding critical infrastructure, sovereign capabilities, and resilient regional and global leadership.

The government emphasised that investments in these domains will pave the way for achieving its ambition of attaining global leadership in cybersecurity by 2030.

Australia has a long way to go if it is to be a world leader in cybersecurity by 2030. 

In November, twin events of a cyber-attack on Australia’s biggest port operator, halting 40 per cent of the nation’s maritime freight, and outrage from Australia’s second-largest telecommunications provider highlighted the need for resilient, secure networks. 

Given that digital connectivity underpins every facet of our lives whether that be social, economic or cultural, the success of this strategy becomes paramount. Rapidly escalating public apprehensions regarding privacy, coupled with heightened awareness of data breaches, cybersecurity vulnerabilities, and social repercussions, underscore the urgency for action. Regulators worldwide are scrambling to keep pace with these evolving challenges.

Budgets are expanding, prompting business leaders to take action in several ways:

• Enhancing cybersecurity budgets: 74% of respondents are boosting cybersecurity budgets for the upcoming year, a notable increase from 60% in 2023. They are particularly concentrating on bolstering application and cloud security.

• Strengthening governance and reporting structures: There has been a significant shift, with 33% of cyber teams now reporting directly to the Board, compared to 19% globally.

• Augmenting resilience measures: This includes initiatives like identifying critical business processes, a strategy embraced by 42% of entities in Australia, contrasting with 35% globally.

Is there a fix and what is the solution?

Is Australia ready to respond?

Despite the high confidence among Australian companies regarding the projected increase in revenues for the upcoming year (86%), there remains a critical area for improvement in cybersecurity if they wish to meet their optimistic growth expectations.

Integration of cyber teams into the broader business framework is essential to facilitate enhanced information sharing and collaboration. However, Australian companies lag behind their global counterparts in this aspect. There is a notable contrast in responses regarding the collaboration of cyber teams with other business segments impacting the organisation's cybersecurity posture (13% Australian versus 23% global), as well as in allocating cyber budgets to address the organisation's top risks (12% compared to 23%).