Share this article on:
The federal Labor government handed down its first budget in over a decade last night, and while many pundits are trying to figure out the winners and losers, cyber security does seem to be getting a boost.
The budget featured a range of measures to both combat malicious actors and support the industry and businesses at large in mitigating an ever more dangerous threat environment.
But now, industry leaders have had a chance to mull over what Labor’s handed down. Is it enough to keep Australians and Australian businesses safe? Does it address boosting cyber skills and education?
Could more yet be done?
Here’s what the industry thinks of budget 2023.
Jason Duerden, regional director, ANZ, SentinelOne
“Including cyber security-specific accreditations in the mix will equip students and the future workforce.”
The $46.5 million funding package for Australia’s new national cyber security office, including the allocation of $23.4 million for small businesses to bolster their cyber capability, is a necessary investment in uplifting Australia’s cyber security and protecting our economy.
The true threat to Australia’s economy from cyber attacks lies not only in the major corporations that can overcome a breach but [also] in the goods and services, economic contributions and livelihoods that would be lost if the micro-businesses and SMEs that comprise the bulk of our economy were to shutter.
It is also encouraging to see the federal government delivering its commitment from the Jobs and Skills Summit to improve access to digital training and apprenticeships for Australians and address long-term structural issues in the industry.
Including cyber security-specific accreditations in the mix will equip students and the future workforce with the skills Australia needs to successfully deliver a strong cyber security strategy.
David Hayes, regional director, ANZ, Arctic Wolf
“Seeing a stronger relationship between the public and private sectors is more critical than ever.”
With two-thirds of businesses having experienced a security breach in the last year, according to our ANZ Cybersecurity Survey, it’s clear that cyber security is a national concern and priority. As SMEs continue to feel more pressure from the current macroeconomic environment, threat actors recognise that this is the perfect time to strike.
The government’s $46.5 million funding package for Australia’s new national cyber security office, including $23.4 million over three years for a small business Cyber Wardens program, comes at a critical time to support SMEs in building their resilience against cyber threats. Since these types of incidents can significantly impact businesses through a financial, reputational, and regulatory lens, seeing a stronger relationship between the public and private sectors is more critical than ever.
Ben Zyl, chief executive and co-founder, Waave
“With this technology, Australia can lead the world in payments innovation and security.”
On Consumer Data Right funding:
We applaud the government’s recognition of the CDR.
Australia has poured huge money into the infrastructure and security around the ACCC’s new Open Banking framework. This is a huge innovation opportunity, and a vital piece of our payments security puzzle.
Of course, the devil will be in the details. Unfortunately, what we have right now is a vault that barely anyone is using. The scheme has been marketed poorly.
Much of what we hear about Open Banking is related to data sharing, a term that scares businesses and consumers. Consequently, we are one of only a handful of Open Banking use cases domestically.
The government needs a broader program to market the scheme effectively and incentivise companies to start using the infrastructure so it can gain the recognition it deserves as a more secure way to pay. With this technology, Australia can lead the world in payments innovation and security.
It’s a massive untapped market.
On start-up support:
Australia is losing our future rising stars as companies here look to overseas investors.
The Small Business Energy Incentive is smoke and mirrors for Australia’s start-up ecosystem; however, the allocation of funds to help start-ups commercialise their ideas is a positive step. We’d like to see grants like NSW’s MVP Ventures grant expanded nationally.
Our recent seed raise was proof that raises are happening globally, yet people in Australia were very surprised that we were able to in the current market.
Domestically, it is very difficult to get money out of a local VC because they are so broad and cover many verticals. There’s also a perception that fintechs are well funded so they don’t need support from VCs or governments, when in fact, it’s one of the most under-funded and under-developed verticals.
David Lenz, vice-president, Asia-Pacific, Arcserve
“Organisations must remain vigilant in addressing the risks posed by the current threat landscape and advanced AI systems.”
Cyber security remains a paramount concern for Australian SMEs today, and we applaud the government’s targeted efforts to enhance cyber resilience in the 2023–2024 budget. The small business Cyber Wardens program, encompassing in-house training, will upskill the nation’s small business workforce and their cyber safety knowledge.
As cyber criminals relentlessly target organisations of all sizes, businesses must protect their data and allocate resources effectively. The small business instant asset write‑off will support the establishment of comprehensive disaster recovery plans and help address the ongoing skills shortage in the cyber security field, enabling organisations to secure their data with the necessary expertise.
We commend the government for its allocation in supporting the development and uptake of critical technology such as AI. AI is widely anticipated to revolutionise how businesses and society function, and this targeted support for emerging technologies will ensure Australia’s digital economy remains competitive. However, as we embrace the potential benefits of AI, we must not overlook the accompanying security challenges.
Advanced AI systems, such as ChatGPT, can inadvertently increase vulnerabilities by empowering cyber criminals lacking coding experience to develop and deploy malicious software, thereby expanding the attack surface. It is vital that governance becomes a key focus for the National AI Centre to mitigate these risks as we collectively work towards the ethical and responsible use of AI.
In the interim, organisations must remain vigilant in addressing the risks posed by the current threat landscape and advanced AI systems. A data resilience plan delineates the steps a company should take to protect its critical data and systems, as well as the procedures for restoring normal operations efficiently and promptly in the event of a data breach. This plan also offers a blueprint for responding to cyber threats, including detailed guidelines for securing systems, backing up data, and engaging with stakeholders during and after an incident.
By implementing a data resilience plan, businesses can minimise the impact of cyber threats and reduce their risk of data loss, thereby safeguarding their organisation’s ongoing success and survival.
Peter Maloney, CEO, AUCloud
“Ongoing government investment in cyber security is essential to safeguarding our critical infrastructure.”
The announcement of $23.4 million to help small businesses build their resilience to cyber security attacks by training in-house cyber wardens was a welcome initiative as small businesses are particularly vulnerable to cyber attacks, and the repercussions can be devastating.
A successful attack can compromise sensitive information, damage a company’s reputation, and even put it out of business. Therefore, it’s essential for small businesses to prioritise cyber security measures to protect themselves and their customers.
Ongoing government investment in cyber security is essential to safeguarding our critical infrastructure, protecting our citizens’ personal information, and defending against the ever-evolving threats posed by cyber criminals and state-sponsored actors.
In today’s digital age, cyber security is not just a national security issue but also an economic imperative.
Pieter Danhieux, co-founder and CEO, Secure Code Warrior
“With proper funding, our cyber capabilities can rival those of the top players in the industry, yet the government appears to be letting us rot on the vine.”
With the sustained focus on emerging dominant technologies like AI and quantum computing — not to mention the increased cyber risk brought on by their use in the wrong hands — it is refreshing to see that the Albanese government has thrown support behind their development in the form of funding in the latest federal budget. As it stands, according to the National Cyber Security Index (NCSI), Australia ranks at number 40 in terms of our government-implemented cyber security capacities.
This lags behind some developing nations, as well as the pace of our own adoption of the latest technology at both the business and individual levels.
Over the past few years, funding has been focused on protecting critical infrastructure, defending against cyber conflict and nation-state attacks, and enhancing our security intelligence and cyber offence capabilities. While these are all crucial areas, it’s also necessary to expand our defence efforts to cover enterprises and SMBs, particularly those who are creating or utilising sensitive software.
Funding for the small business Cyber Wardens program via the Council of Small Business Organisations Australia (COSBOA) is a step in the right direction, with up to 50,000 cyber wardens set to be trained in the next few years. I do wonder, however, how much of this program will involve tackling code-level vulnerabilities and filling security knowledge gaps in development teams across the country.
Overall, to remain competitive, we must also invest in developing our homegrown solutions and talent. To that end, it has been incredibly disappointing to observe organisations like AustCyber — once a strong pillar of Australia’s cyber security community — slowly transform into something ineffectual, with little to no influence on the industry at large. The recent closure of the CyRise Accelerator program is also a worrying sign for the future of our cyber security start-ups.
With proper funding, our cyber capabilities can rival those of the top players in the industry, yet the government appears to be letting us rot on the vine. It is simply baffling in the wake of our worst year on record for cyber attacks.
Crispin Kerr, ANZ area vice-president, Proofpoint
“We urge the government to consider the growing risk of insider threats, which can result in material loss of sensitive data.”
The federal government’s announcement of $101.6 million over five years from 2022–23 to support and uplift cyber security in Australia is a strong step towards enhancing Australia’s cyber security preparedness. As we continue to make strides to become one of the most cyber secure nations by 2030, collaboration between government agencies and the private sector is essential.
While we welcome this ongoing investment and the previous year’s announcement of a cyber security strategy, both the government and industry have blind spots. Initiatives such as the ACSC’s Cyber Threat Intelligence Sharing Program can help advance Australia’s cyber resilience by addressing these blind spots and leveraging collective capabilities to solve cyber security challenges.
We urge the government to consider the growing risk of insider threats, which can result in material loss of sensitive data. In a recent global survey for the 2023 Voice of the CISO report, Proofpoint found that 69 per cent of security leaders in Australia reported dealing with such losses in the past year, with 70 per cent attributing it to employees leaving the organisation.
Failure to manage these threats adequately can lead to loss of intellectual property, decreased productivity, and damage to brand reputation.
No organisation is immune to insider threats due to a shared characteristic: people. After all, data doesn’t lose itself; people take or mishandle data. As a result, tackling insider threats and increasing awareness requires a people-centric approach that goes beyond content to understand context.
Adrian Covich, senior director, systems engineering APJ, Proofpoint
“Proofpoint research also shows that conversational text scams were the fastest-growing and most prevalent mobile threat of the past year globally.”
Proofpoint welcomes the $86.5 million in funding over four years for various programs aimed at combating online scams and fraud. 2022 saw some of the highest total losses in history, affecting both small and large local businesses and everyday Australians in devastating ways. The Australian Competition and Consumer Commission’s Scamwatch shows that so far in 2023, there have been almost 108,000 scams reported, equating to over $194 million in financial loss.
Text message remains the most common delivery method for scams, with 46,000 reports on text message scams amounting to over $11.5 million in financial loss in 2023. Proofpoint research also shows that conversational text scams were the fastest-growing and most prevalent mobile threat of the past year globally, increasing by 1,200 per cent and overtaking the likes of package delivery scams.
We urge Australians to never give out personal or financial information to someone they do not know. We also encourage them to not click through links or open attachments from unknown senders; look out for spelling and grammatical errors in messages sent by strangers; and err on the side of caution when they receive messages that come out of the blue with investment offers or travel and other prizes.
Pete Murray, managing director, Veritas Technologies
“Businesses of all sizes must have support in order to effectively implement ransomware resiliency plans to better protect sensitive data.”
While it’s important and worthy of praise to see the government draw some attention to privacy and the threats to national security through the activation of the National Reconstruction Fund to build our nation’s cyber resilience, Veritas believes that it is critical to include more funding towards packages that close the transformation and resiliency gaps in Australia.
With more digital attacks expected to be faced not only by the government but also by the average individual, it is more critical than ever to have multiple lines of defence in place that secure Australians’ online data; developing proactive rather than reactive cyber security strategies.
Businesses of all sizes must have support in order to effectively implement ransomware resiliency plans to better protect sensitive data. The public and private sectors need to work together so that businesses are better placed for quick detection, mitigation, and an even quicker recovery from online threats in today’s complex multi-cloud environment.
Jacqueline Jayne, security awareness advocate, APAC, at KnowBe4
“Cyber security must be a shared focus, and we can’t rely solely on the government or technology when combating or avoiding personal or organisational cyber incidents.”
While there are many positive, actionable programs and initiatives in this budget related to keeping Australians safe online, the missing element, once again, is preventative measures. Yes, supporting the detection and disruption of scams is critical, and we need that. However, there are potentially more sustained and scalable results in the prevention of people clicking and engaging with these scams in the first place.
Empowering Australians to make better decisions when it comes to security should be the goal.
Prevention equals ongoing and relevant education for every single Australian to increase their basic cyber hygiene and be able to spot the red flags for phishing (malicious emails), smishing (malicious SMS), vishing (voice version of phishing), and even QR code phishing.
Just like we have done with Work Health Safety and picking up a box correctly and reporting near misses and just like we have done with sun safety and driving safely. Cyber security must be a shared focus, and we can’t rely solely on the government or technology when combating or avoiding personal or organisational cyber incidents. Basic awareness and implementing some simple online practices will go a long way in protecting our data and money from cyber criminals.
As I have stated for the last four years, cyber security is everyone’s responsibility, and it’s time we, as a nation, address human error together.
John Donovan, managing director, ANZ, Sophos
“Change for the better cannot occur purely through government action.”
It is great to see the federal budget is addressing such a persistent threat troubling Australians by creating an SMS sender ID register. Putting funding towards blocking cyber criminals from impersonating government agencies through messages will help reduce the most prominent avenue of attack, as the ACCC found SMS to be the most-used contact method in 2022.
However, change for the better cannot occur purely through government action. Awareness is needed. Australians need to ensure they are playing their part in alerting family and friends on popular scams that are circulating and are reporting scams whether they have fallen victim or not. This will be vital to staying safe from scams in the future.
Nathan Knight, managing director for Australia and New Zealand, Hitachi Vantara
“It is very encouraging to see the government’s incremental investment in cyber security to help protect the innovation and capabilities of our citizens, businesses and federal agencies.”
We welcome the federal government’s focus on data and digitisation fit for purpose in the modern business economy. Indeed, investing in new technology to achieve competitive differentiation should become a key focus for businesses in the year ahead as organisations deploy solutions that drive revenue and make them more productive. A part of that investment will involve investing in IT skills, digital identity, Quantum computing, and AI, which in the long run will enable companies to be more agile and productive.
In addition, it is very encouraging to see the government’s incremental investment in cyber security to help protect the innovation and capabilities of our citizens, businesses and federal agencies. This aligns strongly with the development of a strong and credible sovereign ecosystem, a critical outcome from the recent pandemic.
During times of rapid change and global economic uncertainty, it can be tempting to put your head down and simply continue with business as usual. At the same time, we can no longer afford to see innovation in everyday business processes stifled by the immediate requirement for day-to-day productivity. This is simply no longer an option, and the government’s budget now provides a positive incentive to take the risk to innovate to develop and adopt smart technologies such as cloud and AI for long-term success. At the same time, investment in a healthy Australian IT industry will help attract the best talent to the profession, increase the diversity of skills, and carve out new export opportunities.
Doris Spielthenner, managing director, SMA Solar Technology Australia
"The more untested devices and software applications in use simultaneously, the more backdoor ‘loopholes’ that exist for hackers to target."
Australia must consider a uniform approach to cyber security within the energy industry, aligned to global cyber security standards. The regulator must also listen to global manufacturers who are already successfully navigating stringent cybersecurity regulations in Taiwan or the US, for example. There are simply too many different regulations between states when it comes to managing energy exports from rooftop solar, and unfortunately, the more untested devices and software applications in use simultaneously, the more backdoor ‘loopholes’ that exist for hackers to target.
Andrew Black, managing director, ConnectID
"What the Budget shows us is that the Government is committed to helping people conduct their daily lives online with confidence, security and privacy."
The 2023-24 Australian Federal Budget presents an opportunity to prioritise the development of digital identity to really accelerate progress, implementation, and adoption for a safer digital economy. As more and more of our services become online, the need for robust digital identity verification systems has become increasingly urgent for the sake of data protection as well as user experience. What the Budget shows us is that the Government is committed to helping people conduct their daily lives online with confidence, security and privacy.
ConnectID is the bridge between digital identity providers and businesses, so we’re excited to welcome investment into a better identity system for Australia. What will be key, however, is the integration of government-run digital IDs into the private sector to really see the impact. A secure and user-friendly digital identity ecosystem that has citizen choice and interoperability embedded throughout has the potential to not only improve the convenience and efficiency of online transactions but also enhance privacy protections and reduce the risk of identity theft and fraud.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.