Cyber security is emerging as one of Australia’s most promising growth sectors
A surge in demand for cyber security products and services globally – driven by the growing need of organisations to protect their digital assets and databases from malicious activity – bodes well for Australian security companies.
Market trends point to tremendous economic opportunity. Global annual spending on cyber security increased by 10 per cent to US$145 billion in 2018 and is expected to remain robust in coming years. The outlook for cyber security spending in the Indo-Pacific region, which includes Australia’s immediate Asia-Pacific neighbour states, as well as China and India, is particularly strong. Australia’s innovative cyber security companies are gaining respect and success both at home and in international markets.
Cyber security is not only a dynamic sector offering a new source of economic growth and prosperity to Australia, it is also an enabler of growth through digital transformation in every sector of the economy. As businesses rely on the confidentiality and integrity of digital information, a strong domestic cyber security sector is critical for Australia’s competitiveness and international reputation as a trusted place to do business, and for the nation’s continued economic growth.
Australia is an ideal growth environment for cyber businesses
Australia’s cyber security sector has a strong reputation internationally. Australia ranks as the world’s seventh most committed cyber security country , according to the International Telecommunication Union’s 2017 Global Cybersecurity Index.1 Australia’s ‘cyber maturity’ is the second highest in the Indo-Pacific, according to an annual survey by the Australian Strategic Policy Institute, which assesses how well governments worldwide invest in cyber security policies and legislative structures, business and digital economic strength, responses to financial cybercrime, military organisation, and social cyber awareness.2 The Global Open Data Index also ranks Australia second in the world for policies that support cyber security and allow government data to be openly available to the public.3
Australia offers an ideal growth environment for cyber businesses, thanks to strengths in core research areas like quantum computation, wireless technology, trustworthy systems and niche high-value hardware. Further drawcards for investment include Australia’s large services economy, quality education system, sound governance settings, economic stability, low sovereign risk and high living standards. The proximity to the fast-growing and increasingly digitised Indo-Pacific region adds to Australia’s natural advantages.
These existing strengths put Australia in a favourable position to develop a vibrant and globally competitive cyber security sector. Economic analysis shows the sector has the potential to almost triple in size in coming years, with revenues soaring from just over A$2 billion in 2016 to A$6 billion by 2026.4
To seize the extensive opportunity, Australia needs to act urgently
Several hurdles are making it difficult for Australia to fully harness existing advantages and develop a sizeable world-class cyber security sector. To capitalise on the enormous opportunity in cyber, Australia must address its skills shortage, focus efforts in research and development, improve the environment for startups, enhance access to global markets, and robustly measure the growth of the sector and its impacts on the broader economy. The Australian economy needs to nurture a sophisticated and resilient cyber security culture. This requires a shift in mindset for decision makers within businesses as well as across the entire spectrum of employees, suppliers, and policymakers. More organisations will identify the value in investing in and supporting cyber capability when they recognise cyber security extending beyond risk mitigation and understand its role in driving economic growth.
Tackling the cyber security skills shortage
New research, undertaken exclusively for this (2019) updated Sector Competitiveness Plan, draws on a range of job market data, showing that the skills shortage in Australia’s cyber security sector is more severe than initially estimated and is already producing real economic costs.
Australia may need almost 17,000 additional cyber security workers by 2026 for the sector to harness its full growth potential. The workforce shortfall has significant economic consequences. In 2017, the domestic cyber security sector is estimated to have forfeited up to $405 million in revenue, which companies could have generated if they had been able to find enough cyber security workers to fill existing vacancies.
The good news is education providers have sprung into action over the past year to cater for the growing demand for cyber security talent in Australia. Approximately half of all universities in Australia are now offering cyber security as a specific degree or as a major in IT or computer science degrees. The vocational education and training sector is increasing its emphasis on cyber security education. Leading TAFEs around the country joined forces in late 2017, coordinated by AustCyber, to play a greater role in providing nationally consistent cyber security training.
Together, these new cyber-specific degrees, certificates and diploma level courses will have a strong positive impact on Australia’s future cyber security workforce. It is expected that the number of cyber graduates could quadruple from around 500 per year in 2017 to about 2,000 a year in 2026, based on the current course offerings by cyber security education providers.
However, this still leaves a significant shortfall of workers in the medium-term. Analysis for this Sector Competitiveness Plan shows there are risks to this mobilisation in the education system, and more action is required.
Australia needs to nurture early interest in cyber security to attract the best and brightest to the sector, continue to ramp up cyber security education and training, create industry-led professional development pathways. We also need to help workers with related skills transition from the wider IT sector and other industries into the diverse range of cyber security technical and non-technical work roles required by employers.
More details are in the Spotlight on Australia’s cyber security skills shortage below.
Overcoming the research and development challenge
Australia continues to demonstrate excellent and world-leading cyber security research capability. However, there are signs that its system of research and commercialisation is less efficient than in other leading cyber security nations such as the US and Israel.
Scattered public funding for cyber security research and development weakens Australia’s ability to lead on innovation. Limited collaboration between the research community and the private sector further undermines the commercialisation of basic research ideas into marketable solutions.
In 2017 the Australian Government acknowledged that cyber security is a strategic priority and invested $50 million over seven years into a new industry-led Cyber Security Collaborative Research Centre (Cyber Security CRC) which commenced operation in mid-2018. The government funding adds to almost $90 million from a consortium of 25 industry, research and government partners, and will be critical to strengthening Australia’s cyber security research and development capabilities.
The Australian Research Council has also incorporated cyber security into its funding priorities for the Industrial Transformation Research Program. The scheme is intended to fund research hubs and research training centres. It also helps students in Higher Degree by Research and postdoctoral programs to gain practical skills and experience through placement in industry.
AustCyber’s Projects Fund provides a further $15 million over three years to finance industry-led projects aligned to the Knowledge Priorities outlined in this document, along with ten Sector Challenges supporting sustained sectoral growth. It encourages businesses to collaborate with academics to seed ecosystem-wide outcomes.
Australia needs to continue to improve research focus and collaboration to assist commercialisation – replacing the scattered approach to public research and development funding with a more targeted strategy that plays to Australia’s strengths – and make access to seed and early-stage venture capital easier.
Removing market barriers for small Australian cyber security companies
Australia is home to a growing number of globally successful cyber security companies. These companies have proven their ability to develop and commercialise innovative cyber security products and services. Yet many others, particularly startups, continue to face barriers to growth. They often lack the business acumen, established credibility and scale to win key contracts with large industry or government customers in Australia and abroad.
In 2017 AustCyber launched a new platform, GovPitch, where small businesses can present innovative cyber security ideas directly to public sector officials. The initiative is designed to help startups gain anchor customers and grow quickly by providing an alternative procurement pathway.
To better connect small businesses to the Chief Information Security Officers (CISOs) of ASX-listed companies, AustCyber and CISO Lens partnered on a new program called Sky’s the Limit.
Australia needs to continue efforts to help startups find their first customers, including analysing barriers and risks to government agencies and established businesses working with startups, promoting partnerships, providing coaching, showcasing Australian cyber security products and services to potential customers, and simplifying procurement processes.
Measuring the growth and development of the Australian cyber security sector and its impacts across the economy
New analysis for the 2019 update
Because cyber security as an industry is relatively new, Australia’s standard classifications of industries and occupations do not accurately capture the sector’s activity well. Cyber security as a business activity, as well as economic endeavour, cuts across multiple sectors and industries including critical infrastructure, services and technologies. It includes not only cyber security providers who comprise the cyber security sector, but also organisations in other sectors that employ cyber security specialists and skilled personnel. Further, cyber security products and services protect and enable much of the digital economy, but the benefits of cyber security have not been studied to the necessary depth and richness.
Solving these measurement challenges will allow governments to form more robust and sophisticated industry development policies; encourage investment in the sector as well as into building organisational cyber security resilience; and help cyber security companies to understand their commercial surroundings and the growth opportunities available to them.
Australia needs to improve measurement of the Australian cyber security sector and its impact to enhance understanding of the sector and track progress on addressing other sector challenges. Measurement of fundamental economic metrics such as the size of the sector and its value add to the economy can serve as a foundation for analysis of the broader impacts of cyber across the economy, including its role as an enabler of growth and its contribution to overall prosperity.
An action plan to position Australia as a world-leading cyber security nation
The Sector Competitiveness Plan sets out strategies and actions that Australian governments, the private sector, training and research institutions, and AustCyber can undertake to ignite growth in Australia’s cyber security sector. Figure 1 provides an overview of the key elements of the Sector Competitiveness Plan.
- Australian Government Department of Industry, Innovation and Science (2017), Industry Growth Centres. Available at: https://industry.gov.au/industry/Industry-Growth-Centres/Documents/Industry-Growth-Centres-Overview.pdf.
- International Telecommunication Union (2017). Global Cybersecurity Index (GCI) 2017. Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf.
- Australian Strategic Policy Institute (2017). Cyber maturity in the Asia-Pacific Region 2017. Available at: https://www.aspi.org.au/report/cyber-maturity-asia-pacific-region-2017.
- Open knowledge international (2017). Global Open Data Index - Australia. Available at: https://index.okfn.org/place/au.
- Australian Cyber Security Growth Network (2017). Cyber Security Sector Competitiveness Plan.
Plan at a glance
Growth opportunities for Australia
Challenges to sector growth
Building a competitive sector
More about AustCyber