Expression of Interest Guidelines

Expression of Interest Guidelines

by acsgn_admin


AustCyber has been established to maximise the economic value of an Australian cyber security sector that is globally competitive, sustainable, innovative and diverse. We seek to achieve this by delivering key initiatives across five themes to grow collaboration and innovation, assist cyber security startups and scale-ups to access market opportunities in Australia and overseas, direct research to industry needs, support skills growth and capability development and promote fit-for-purpose regulation.

We are a federally funded private entity, which means we are well placed to direct and support high impact, outcomes-focused effort for maximum economic benefit.

What is the AustCyber Project Fund?

The Project Fund has been established to provide matching funding to industry-led projects which address one or more of the knowledge priorities identified in Australia’s Cyber Security Sector Competitiveness Plan, published by AustCyber in April 2017 (available at These priorities are outlined in Table 1 below. Project expressions of interest (EOI) are assessed by AustCyber against the knowledge priorities together with ecosystem demand and national outcome.

An EOI can be submitted by a consortium or a single entity. Funds disbursed per successful project will be dependent upon:

  • the project’s alignment to AustCyber SCP Industry Knowledge priorities
  • applicability of the project outcomes would be to the ecosystem
  • the amount of funding sought and the funds available from the Commonwealth made available to AustCyber through a bilateral Funding Agreement.


The key requirements for a ‘Consortium’ are:

  1. Involvement of no less than two independent businesses; drawn from any combination of small to large service providers, business partners for the solution, education and research entities.
  2. All consortium members must operate business in Australia, or principally in Australia, with a valid Australian Business Number (ABN)
  3. All consortium members should be committed in writing to the project prior to the submission of the EOI.
  4. The consortium can describe, in detail, what each member anticipates the measurable outcome of their contribution to the project be together with a statement of anticipated overall project outcome and how this would be measured.
  5. A consortium lead is identified and is willing to sign a funding contract with AustCyber and separately with their consortium members.

Single entity

The key requirements for a ‘Single Entity’ are:

  • the entity must operate business in Australia, or principally in Australia.
  • the entity should be committed in writing to the project prior to the submission of the EOI.
  • the entity can describe, in detail, what the anticipated outcome of the project is and how this would be measured.
  • the entity is willing to make outcomes of the project accessible to the wider cyber security sector.
  • the entity is willing to sign a funding contract with AustCyber.


EOI eligibility criteria

Proposed projects must be linked to one or more of the knowledge priorities outlined in Table 1. Projects must demonstrate innovative approaches, clear commercialisation applications, pathways and implementation timeframes. The Projects Fund is not intended to support discovery or fundamental research.

Proposed project duration must be no more than 12 months.

The consortium or single entity must have access to, or ownership of, the intellectual property (IP) necessary to conduct the project, should it be required.

The project must demonstrate a national benefit for Australia, with the results available to the whole cyber security sector as far as possible.

Project funding criteria

Overall Project value can be between A$200,000 and A$3 million in any financial year. The Projects Fund does not provide funding for any project with a total budget below A$200,000.

However, if you have an innovative project idea that might not reach the minimum spend, please still submit an EOI. AustCyber is always on the lookout to connect and multiply cyber security capabilities in the ecosystem. We will look for opportunities for collaboration between submitted project ideas, and where possible we will propose new and existing partnerships for larger projects that may meet the minimum spend.

Consortiums or single entities must contribute cash at least equal to the funding provided by AustCyber, either individually or collectively. For example, if AustCyber provides a financial contribution of A$100,000, the consortium members or single entity collectively must provide financial contributions of at least A$100,000. In-kind contributions can be made by participants but will not be included in determining the cash contribution of participants.

Contributions from Australian government agencies, at any level, do not count towards the matched funding contribution and must also be matched with at least equal cash contributions. For example, if AustCyber provides project funds of A$100,000 and government agency contributions to that project are A$50,000, the minimum cash contribution required from the consortium is A$150,000.

Project funding may be used for activities directly related to the project, for example recruitment of skilled Australian labour, equipment testing, software, laboratory disposables, equipment directly related to the activities in the project, materials, travel and accommodation for field activities in Australia. Project funding can be used for capital works where the works are directly related to the project, as approved by AustCyber as part of the EOI process.

Project funding cannot be used to reimburse parties for in-kind contributions or to pay indirect costs of the project. Project funding cannot be used for international travel, salaries for international personnel or students or any overseas activities, unless the parties can demonstrate to AustCyber’s satisfaction the activities are directly related to the project and provide an outcome to Australia.

Reporting on the use of project funding and the cash contribution of participants will be required by AustCyber from successful applicants.

Funding will be payable by instalments to successful applicants (in the case of a consortium – the project lead), as agreed with AustCyber and will be linked to agreed project milestones. The terms and conditions of the funding and timing of instalments will be set out in a contract (Project Funding Agreement) between the project participants and AustCyber. AustCyber reserves the right to terminate Project Funding to the project if agreed milestones are not met.

Selection process

EOIs will be evaluated by AustCyber, who may seek specialist expertise if required. AustCyber may discuss EOIs with applicants for the purposes of clarification and development.

The AustCyber Board has the final approval on whether a project will be funded with evaluation based on available funds, eligibility and alignment with AustCyber’s areas of priority.

Projects will be reported as per the Industry Growth Centre Initiative reporting requirements and any other requirements to be determined by AustCyber. This may include, on agreement with the project lead, media reporting.

Award of funding and reporting

Successful applicants will be notified in writing and required to enter a Project Funding Agreement with AustCyber before being entitled to payments. Projects will not commence until such agreements are in place. Failure to enter into an agreement within 90 days of notification of a successful EOI may result in the funding offer being withdrawn by AustCyber.

The Project Funding Agreement will include full details of the project including scope, milestones, deliverables, funding, governance and oversight arrangements, and reporting requirements.

Within 14 days of funding being awarded, AustCyber will provide details of projects which it funds on its website, excluding confidential information. Information to be published includes:

  • a description of the project and an overview of how the project meets AustCyber’s strategic priorities and the objectives of the Project Fund;
  • a list of project participants; and
  • total AustCyber or any other government funding, and total industry co-contributions for the project.

Reporting on the project is to be provided to AustCyber as outlined in the Project Funding Agreement.

On project completion, the project lead must provide a case study, reporting on what has been achieved through the project.

Submission of EOIs

Submission of EOIs should be provided to once completed or by the closing date for the relevant EOI round.

All submissions must be on the EOI Template in MSWord Format.

If an applicant becomes aware of an error in the EOI (excluding clerical errors which would have no bearing on the evaluation of the EOI), AustCyber should be promptly notified of the error.

AustCyber will not disclose EOI contents and EOI information, except:

  • as required by law;
  • for the purpose of investigations by the Australian Competition and Consumer Commission or other government authorities having relevant jurisdiction; and
  • to external consultants and advisers who may be engaged to assist with the EOI process.

No legal relationship will be created between AustCyber and any successful applicant unless a binding Project Funding Agreement is executed by both parties. AustCyber reserves the right, in its absolute discretion at any time, to vary or extend any time or date specified for an EOI round, and can amend these guidelines and EOI terms and conditions. These guidelines do not form any legal arrangement between AustCyber and any other party.

Table 1: Cyber security knowledge priorities

Full details can be found in the Cyber Security Sector Competitiveness Plan at

1. Emerging prevention, detection and response technologies Prevention: New ways of supporting the nation’s cyber security by discovery and understanding of threats, vulnerabilities and opportunities
Detection: Discovering and assessing intrusions
Response: Recovering from a breach
2. Identity, authentication and authorisation in the cyber domain
  1. Finding new strategies and techniques for systems, applications and individuals to verify, identify and establish trust, including understanding the implications of the abuse of trust
  2. Identifying ways to manage the increasing digital access points (and therefore threat vectors) because of trends toward integrated platforms and mobility
  3. Identifying the best use of advanced sensors/intelligent devices to verify trust
3. Ensuring security, privacy, trust and ethical use of emerging technologies and services such as
  1. Cloud computing
  2. Cyber-physical systems, including IoT, robotics, self-driving cars etc
  3. Machine learning
  4. Big data and data analytics
  5. Mobile applications
4. Approaches to deal with the increasingly ‘shared’ responsibility of cyber security
  1. Developing a better understanding of user behaviour at the macro level (including norms of behaviour in cyberspace and user interaction with integrated platforms) and its impact on cyber security
  2. Ensuring the evolution in cyber security policies and skills closely match changes in technology, our adoption and then dependence
  3. Creating a culture with a deeper understanding of cyber security challenges and breaches, including the importance of information sharing, recognising the interdependence of cyber security with national security, national interest and economic prosperity