See what the industry is hoping for when it comes to cyber security in tomorrow’s (14 May) Labor budget.
There’s no such thing as a budget that makes everyone happy. Money doesn’t appear out of thin air, and all too often, Peter must be robbed to pay Paul.
However, that doesn’t stop anyone from being hopeful; the cyber security business is no different.
Here’s what a selection of industry luminaries are hoping Jim Chalmers delivers tomorrow.
Sadiq Iqbal
Cyber security adviser at Check Point Software Technologies
I would like to see the federal budget allocate an increased investment in driving the Australian cyber strategy to the next level, from vision to practical reality. This could include the establishment of a cyber force to deal with increasing foreign state-sponsored attacks against our most critical infrastructure entities. There should also be funding to support the go-live of the promise to provide small and medium businesses with both security health checks and guidance around building a strong cyber defence, along with a support hotline for incident response.
In addition, increased investment in building cyber security awareness is critical for all Australians to be better prepared to deal with the constant threat of phishing attacks in the many forms they face on a daily basis, from emails to phone calls to text and social media. For example, free community awareness training, or a hotline or government website to verify the legitimacy of suspected scams and also to provide immediate support in the case of a ransomware or sextortion attack, which have sometimes caused rather dire consequences for the victims. Another idea could be a government-funded made-for-television and social media educational campaign on cyber awareness, highlighting security precautions with viral humorous undertones as was recently undertaken in New Zealand.
Simon Howe
Area vice-president, Australia and New Zealand, at ExtraHop
We encourage the federal government to support Australian businesses with an uplift in their cyber security posture with tax incentives and subsidies for program investments. According to the OAIC, the period from July to December 2023 saw 483 data breaches, up 19 per cent from the first half of the year, with malicious or criminal attacks being the leading source of data breaches. In addition, the 2024 ExtraHop Global Cyber Confidence Index found [that] Australian organisations are generally ill equipped to manage and mitigate their cyber risk, with many acknowledging they are frequently the victim of ongoing threats and falling behind when it comes to identifying and remediating threats.
Amid a recent uptick of attacks against the world’s most profitable industries and critical infrastructures, and industry regulatory bodies tightening compliance rules, understanding an organisation’s ability to effectively manage cyber risk is more critical than ever before.
Jason Duerden
ANZ regional director at SentinelOne
The federal government’s continuous focus and investment into key areas of technology, such as online services and research and development, calls for even more investment in cyber capability in the public and private sectors. Aligned with the 2030 national cyber security goal of the Albanese government and acceleration of AUKUS, the federal government must also diversify supply amongst industry by supporting sovereign firms and specialist cyber security firms.
Pieter Danhieux
Co-founder and chief executive of Secure Code Warrior
The release of the National Cyber Security Strategy came with the ambitious vision of making Australia a world leader in cyber security by 2030. To achieve this, I believe we need more targeted funding at the coalface of cyber security innovation in this country. My wish list would certainly include: funding for start-ups and scale-ups, building local cyber security technology and export to the Five Eyes, NATO countries and the Pacific region to protect our national security interest; funding to protect small and medium businesses from cyber attacks and funding to improve secure-by-design and secure-by-default initiatives in enterprise software and critical infrastructure at their source.
There is no doubt that the federal government is making some headway in establishing core cyber security functions in our future, with progress made via ongoing initiatives like reform to the National Cyber Security Strategy and now millions in funding for the Credential Protection Register.
The Credential Protection Register – if able to be successfully navigated by the average citizen – is a great initiative in protecting the personal information of individuals from abuse, but it is also a very reactive approach to cyber security. It is difficult to see this as a measure to target the core issues that lead to breaches like Optus, Medibank, and so many more that others have recently experienced. The root causes of these breaches are human errors and badly written software. With all the progress made on generative AI and developer co-pilots, the amount of software used and built will grow exponentially in the next few years. The only viable path forward is for a higher standard of security in the software we trust with our digital lives.
Additionally, the persistent lack of funding and support for home-grown cyber security skills and technology is disappointing and dampening our ability to compete on the world stage. We have so much talent and top-notch firms right here, and we’re fighting for a true partnership with the government.
Anthony Daniel
Regional director, Australia, New Zealand and Pacific Islands, at WatchGuard Technologies
The federal government should invest in increased funding for national cyber security initiatives aimed at improving digital resilience and combating evolving cyber threats. This could involve specific allocations for the deployment of advanced security solutions to protect critical infrastructure and sensitive data.
There should also be incentives or tax breaks to encourage Australian businesses and organisations to invest in robust cyber security measures that could stimulate the adoption of cutting-edge technologies to better safeguard against cyber attacks and breaches. Finally, there should be support for initiatives that promote cyber security education and workforce development. This would help address the growing demand for cyber security professionals and contribute to the overall cyber resilience of the nation.
Thomas Fikentscher
Area vice-president for ANZ at CyberArk
This budget cycle presents a critical opportunity to invest in a “future made in Australia”, ensuring our industries are resilient, forward-thinking and secure. To achieve this, we need two things.
A mandate to ensure that secure-by-design principles are front and centre where cyber threats are considered from the outset so we can protect consumer privacy and data through designing, building and delivering products and systems with fewer vulnerabilities.
We also need a significant expansion of our cyber security workforce. This requires innovation in our workforce strategies, encouraging transitions from diverse fields into cyber security – a sector poised for explosive growth. To facilitate this, the education department, along with TAFEs, universities, unions, and industry bodies, must be supported in collaborating intensively.
Together, we can build a robust cyber security framework that supports our ambitions to lead in green energy and technology innovations like GenAI.
Nam Lam
Australia and New Zealand managing director at SailPoint
The government must prioritise decisive action to achieve its goal of making Australia the most cyber secure nation by 2030. It’s time to fund specific cyber security measures, refine digital privacy regulations and establish clear standards. Currently, vague policies are leaving businesses struggling with compliance.
A focused task force should follow the Pareto principle to tackle the top vulnerabilities causing the majority of the breaches, centred on the leading causes, which we know are stolen and compromised credentials. Smarter penalties and incentives for cyber security compliance are crucial, ensuring boards recognise the value of proactive security before a costly breach occurs.
This is not about ambition – it’s about safeguarding critical data and facilitating secure digital transformation. With healthcare, banking and government among the top five most breached sectors, the urgency is clear. These industries need help calculating the ROI of cyber security investments and must understand that putting identity at the core of cyber security is crucial to their operations and reputation.
Dr Martin J Kraemer
Security Awareness Advocate at KnowBe4
We applaud the government’s plans to establish a mobile app for the Credential Protection Register, as well as Commonwealth Bank’s similar in-house app. This new initiative is encouraging and with the addition of education and awareness, these government measures will support the decrease of Australians becoming victims of cybercrime. We are also highly in favour of layered defences and strong collaboration between consumers, business and industry.
However, it is important to remember that anything is hackable and a government app is no exception. Even these accounts rely on external partners and vendors. It is therefore crucial that proper access controls, privilege restrictions, and monitoring be implemented for those accounts. Users should only have the bare minimum access needed to perform their duties of alerting impacted people.
Continued education to help Australians make better decisions when it comes to security should be the goal. Consumers should not presume they are fully protected simply by using these apps. We need to continue to educate the public about best-practice security including unique passwords, multi-factor authentication, and constant vigilance for potential phishing attempts.
Sumit Bansal
VP Asia Pacific and Japan at BlueVoyant
The new Australian government app to help notify users of identity misuse is an important initiative that will help protect consumers; however, more also needs to be done earlier in the security process to prevent cyber criminals gaining access to private customer data in the first place.
While protecting from identity credential theft is crucial, online credentials shall also be considered, and protocols must be implemented to protect these just as if they were identity credentials. Often stolen from the users themselves using various phishing techniques or malware, online credentials can provide access to confidential data and permissions to perform personal actions on behalf of the victim. Security mechanisms such as multi-factor authentication (MFA) and phishing detection and remediation should be not only organisations’ concern, but also governments’.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.