How the Australian federal government will invest in cybersecurity

The Australia federal government announced the budget for the next fiscal year 2023-2024, which includes investments just shy of $200 million in cybersecurity. This is not as spectacular as last year’s $9.9 billion investment solely in the REDSPICE program, but it does target other areas in need of support and will also be used to help existing cybersecurity programs and increase small business awareness.

The government has allocated $101.6 million to be distributed over five years to “support and uplift cyber security in Australia.” This amount will be spent as follows:

• $46.5 million over four years from 2023–24 to establish the coordinator for cybersecurity, first announced in February, to ensure that the Commonwealth’s cybersecurity efforts are strategic, coordinated, timely and effective. “The coordinator will be supported by the National Office of Cyber Security and dedicated resources from within the Department of Home Affairs and other Commonwealth entities, with capacity to surge further in the event of a cyber incident,” stated the Budget papers.
• $23.4 million over three years from 2023–24 to the Department of the Treasury for a small-business Cyber Wardens program delivered by the Council of Small Business Organisations Australia (COSBOA), to support small businesses to build in-house capability to protect against cyber threats. The existing program was first announced in October 2022 by COSBOA and had initially been sponsored by the Commonwealth Bank of Australia (CBA) and Telstra.
• $19.5 million in 2023–24 to continue work to improve the security of critical infrastructure assets and assist owners and operators to respond to significant cyber-attacks.
• $12.2 million in 2023–24 to sustain cyber resilience of Commonwealth entities currently serviced by the Cyber Hubs pilot program and to continue assessment and certification of services providers used by the Commonwealth entities to host data. A 12-month pilot started in July 2021 by the Department of Home Affairs and the Department of Defence and Services Australia, later extended to January 2023.

These investments will be partially met from within the existing resources of the Department of Home Affairs and by redirecting funding provided to the Australian Taxation Office for Cyber Hub pilot activities.

Small- and medium-sized businesses are the target of 60% of cybercrime, which is now costing Australia more than $33 billion in reported losses per year, according to budget papers. “The Cyber Wardens program will address this vulnerability by equipping small businesses with the foundational skills they need to improve cyber safety.” The program will support more than 15,000 small businesses.

Other investments in cybersecurity include $88.8 million over two years from 2023–24 to support the continued operation of the Consumer Data Right in the banking, energy and non-bank lending sectors, progress the design of action initiation and uplift cybersecurity.

The Australian Sports Foundation will get $3.8 million in 2023–24 to enhance the organisation’s information technology network to address emerging cyber security risks.

The Australian government will also establish a National Anti-Scams Centre to better protect Australian consumers and business by improving cooperation between government and industry to respond to increasingly sophisticated scam activity and provide consistent communication and messaging on scam protection and prevention.

Another topic discussed in the papers was digital identity, which intends to making it safer and easier for people to verify their identity digitally while minimising the collection of personal information. The use of the digital ID will be voluntary. The federal government hopes this will result in businesses storing less personal information, minimising the impact of any potential data breaches, such as the many experienced recently including Optus and Medibank, which exposed the data of 10 million people, and Latitude Financial, which exposed data from 14 million people.

The creation of the National Cyber Security Coordinator and the establishment of a National Anti-Scam Centre, among other initiatives, demonstrate a strategic and holistic approach to enhancing Australia’s cyber resilience, according to Michael Bromley, CEO at Stone & Chalk Group and AustCyber. “It’s also noteworthy that this year’s Federal Budget has a specific focus on digital ID initiatives, which are crucial for safeguarding our national digital infrastructure and building trust in our digitally enabled economy,” he told CSO.

As the leader of a cybersecurity and startup advisory, he does think there should be more investment towards startups beyond this year’s budget and investment in other training programs such as the Australian Cyber Security Professionalisation Program (ACSP), offered by the organisation in partnership with ACS, AISA, KordaMentha, ISACA, AIIA, RMIT University, Tech Council of Australia, TAFEcyber and (ICS)².

All in all, Bromley said that the “allocations for cyber security and emerging technologies reflect a balanced and strategic approach to both innovation and security”.

Others believe the latest budget still lacking preventive measures. Jacqueline Jayne, security awareness advocate APAC at KnowBe4, said in a statement that supporting the detection and disruption of scams is critical, however, there are potentially more sustained and scalable results in the prevention of people clicking and engaging with these scams in the first place.

Authors’ note: The cyber hubs project has been discontinued by the federal government in May 2023, two weeks after the budget was announced.