2020 Update to Australia’s Cyber Security Competitiveness Plan

EXECUTIVE SUMMARY

The cyber security sector is flourishing in Australia: growth is strong, a vibrant cohort of young cyber security technology and service providers has emerged and the workforce is expanding.

Australia’s cyber security sector is growing rapidly. Between 2017 and 2020, sector revenue has grown by A$800 million to A$3.6 billion across approximately 350 technology and service providers, who are supported by about 26,500 workers.

The average cyber security provider is young, small and active across the country. On average, they are 8.5 years old, and about 40 per cent are younger than five years. Their youth means that most of these providers employ relatively fewer workers: 88 per cent have fewer than 100 employees.

The COVID-19 pandemic has had short- and long-term economic effects on Australia’s cyber security providers.

A few months after the start of the pandemic, surveys showed that, on average, providers with fewer than 20 employees had experienced a decline in revenue, while the revenue of larger providers was steady or had grown since it began.

Significantly, the pandemic has accelerated digitization trends, which in turn drives demand for cyber security solutions and skills. It has also revealed the extent to which our national wellbeing relies on a range of industries that have not traditionally been recognised as digitised industries that require robust protection.

Australia’s economy is digitising and the cyber security sector must be capable of meeting its protection needs.

Digitisation drives productivity gains and is at the centre of Australia’s future economic prospects. Cyber security is a foundational enabler of digitisation: it builds digital trust and gives businesses and consumers the confidence to transact online, adopt new technologies and create new markets and commercial opportunities. This is apparent in a few recent examples such as the widespread adoption of cloud services and remote working tools and the ubiquity of e-commerce in modern retail trade. The next wave of technologies, such as the Internet of Things (IoT), sophisticated remote operations technology, quantum and artificial intelligence (AI), will further transform the economy.

The Australian cyber security sector will need to continue to mature and develop to secure increasingly complex digital value chains. This does not mean that only local suppliers should provide comprehensive protection to Australian businesses. Rather, our cyber security sector should be capable of coordinating and adapting a range of solutions from around the world to meet national needs.

Australia’s cyber security sector should also become a global leader in the utlisation of secure by design principles, where the application of security guides the development of new digital technology and the rollout of new value chains. Australia is well placed to do this, especially in industries where we have competitive strategic advantage.

The sector is well placed for further growth and success as it continues to tackle familiar challenges relating to innovation, market maturity, investment and skills.

The maturity and competitiveness of the Australian cyber security sector is vital for future Australian prosperity. To achieve this, familiar challenges need to be addressed. New providers with quality offerings need to be supported, funded, connected to the market, and supplied with the skilled workers they need to succeed.

Governments, cyber security sector leaders, educators and investors all have crucial roles to play as the sector matures. Already, a host of effective sector development activities and initiatives have yielded success, including regulatory reform emerging from the Australian Government’s Cyber Security Strategy 2020. The result is that Australia’s cyber security innovation environment continues to mature, more  customers are looking to buy from Australian cyber security providers, and a sophisticated skills training architecture has been developed.