Australia’s Cyber Security Sector Competitiveness Plan 2022

Executive Summary

The cyber security sector generates and protects significant economic value for Australia. Ongoing support for the sector is critical.

  1. AustCyber has played an important role in the progression of the Australian cyber security sector. Driven by the mission of growing, exporting and education since its inception in 2017, AustCyber (now part of the Stone & Chalk Group) has aided the development of a vibrant and growing network of Australian-based cyber security firms. Today, there are an estimated 291 firms in the sector.
  2. The cyber security sector in Australia will contribute an estimated $2.4 billion to the country’s Gross Domestic Product (GDP) in 2022, up from $2.2 billion in 2020. There are 47,000 people working in cyber security roles in 2022, making it a larger employer than the medical technology sector.
  3. Australia’s cyber security sector acts as the frontline defence against increasingly frequent and severe cyber attacks. A cyber attack targeting Australia occurs every two minutes. Experts suggest that this will double by 2027. Recent incidents show how costly and disruptive these attacks can be, with an active network intrusion estimated to cost up to $12.6 billion.

Australia’s forecast annual revenue growth of 5.5 per cent is low and slower relative to leading international peers. Australia risks falling further behind unless it addresses three challenges.

  1. Limited startup support - Australian cyber security startups have limited access to funding and research support. In 2022, Australian startups generated 300 times less funding than Israeli and Canadian startups. Government funding directed to cyber security research has also decreased from $9.8 million in 2019 to $7.5 million in 2022.
  2. Lack of export access - Australian cyber security firms are focused on servicing a relatively small domestic market. The Australian market represents only 2.1 per cent of global cyber security demand. Australian firms are not yet taking full advantage of the global opportunity, with only 50 per cent of firms exporting and export revenues accounting for a smaller share than other international peers.
  3. Workforce shortages - There will be 3,000 fewer cyber security workers than required by 2026. There are more people entering the sector, with enrolments and skilled migration numbers growing (albeit at a much slower rate compared to before COVID-19). Yet, this is not fast enough to keep up with attrition from the sector and increased demand.

There is an opportunity for Australia’s cyber security sector to catch up with its peers. Australia can add $800 million to its annual cyber security revenue by 2026 through three key actions.

  1. Support research, innovation and startup development - Increasing R&D funding through ARC grants and increasing the scope and clarity of R&D tax incentives will support cyber security research and industry development. Continuing to collaborate across sector stakeholders and mature the innovation hubs will support a stronger innovation ecosystem.
  2. Bolster domestic procurement and export capability - Ensuring that government procurement processes are accessible to small, local firms will support continued growth in domestic revenue. Continued trade outreach, including trade delegations, export support and study tours, will facilitate export growth.
  3. Attract local and international talent - Providing incentives and support for school leavers and skilled workers to train in cyber security will strengthen the cyber talent pipeline. Increasing the number of cyber security skilled migrants will mitigate short-term shortages.