SCP - Appendix A: Detailed state of the states analysis

State profiles are based on insights gleaned from AustCyber’s Digital Census 2020. No cyber security provider participating in the Census recorded themselves headquartered in Tasmania or the Northern Territory, so these two jurisdictions are not described in this section. As the cyber security sector continues to mature, we expect that Tasmania and the NT will develop their own local hubs as several providers are already active in these locations.

ACT
The ACT has a strong community of cyber security providers that are focused on servicing government and defence clients

Overview

Relative to population, there are more cyber security workers in the ACT than in any other state or territory in Australia.1 The ACT hosts an active startup community, the members of which have formed collaborative relationships with each other to meet the needs of large clients, including Australian Government agencies.
 

Provider snapshot

Provider snapshot

The average age of ACT cyber providers is 7.5 years, slightly below the national average of 8.5 years, and 44 per cent of the ACT's providers were founded less than five years ago. Providers such as WorldStack, Cybermerc, Quintessence Labs, Penten, and FifthDomain are examples of the ACT's vibrant startup community, which is supported by the Canberra Innovation Network, as well as universities including the Australian National University (ANU) and the University of New South Wales (UNSW).

The top three products and services offered by ACT cyber providers are cyber governance and risk, penetration testing, and threat intelligence analytics. The ACT is a training hub for cyber security, and a centre of research and development that spans universities, Australia's national security agencies and the startup community.

At 29 per cent, well below the national average of 43 per cent, the ACT has the lowest rate of cyber providers exporting of any of the states or territories. This is in part due to ACT providers' specialty in serving Australian Government agencies, which can often make it difficult to serve equivalent clients overseas, especially if selling to defence or national security.
 

Education, skills and research

Education, skills and research

The ACT is a major centre of cyber security education and research, hosting several important institutions including the Australian Centre for Cyber Security at UNSW Canberra, and the College of Engineering and Computer Science and National Security College at the ANU. The ACT is also home to AustCyber's national office and the Canberra Cyber Network - a partnership between ANU, UNSW Canberra, Data61, University of Canberra and Canberra Institute of Technology.
 

Territory government support

Territory government support

The ACT Government has identified cyber security as a driver of job creation in Canberra and the Territory's digital strategy recognises the important role that cyber security plays in helping build the 'government of the future'. This commitment to innovation is exemplified by the government's $607,000 funding boost to the Canberra Innovation Network, which aims to connect innovation and entrepreneurship with the territory's strong capabilities in science and research.

Australian Capital Territory cyber security sector

Overview

Average provider age: 7.5 years

44 per cent of providers are less than five years old

29 per cent of providers are exporting

Cyber priority areas:

1. Tertiary and research sector

2. Defence industry

3. Renewable energy

4. Federal government

~1,700 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

NSW
New South Wales hosts the largest and most diverse range of cyber security providers in Australia

Overview

More than 80 cyber security providers are headquartered in NSW, 75 per cent of which service the financial services sector. Cyber security providers in NSW are also extending their involvement to bourgeoning technologies, such as advanced manufacturing and automation (Industry 4.0).
 

Provider snapshot

Provider snapshot

The average age of cyber security providers in NSW is 8.5 years.

NSW has a growing cyber startup community, with notable success stories such as Secure Code Warrior, Huntsman Security and Kasada, and a plethora of new entrants such as Paraflare, Daltrey and Tikabu. The NSW Government has helped startups scale by establishing the Cyber Security Connect Program, which aims to build networking and collaboration opportunities between the sector and the wider NSW economy. The government has also launched a Cyber Security Vulnerability Management Centre in Bathurst to monitor its online assets, in partnership with Australian born UpGuard.

Providing cyber governance and risk services is the state's top cyber offering by revenue. These services are in high demand among professional and financial services providers, many of which are based in Sydney. The NSW Government is also beginning to invest strongly in digital technology, rolling out several significant projects - such as the Future Transport Strategy, Smart Places Strategy and Digital Restart Fund - to drive demand for cyber.

Only 38 per cent of NSW's cyber security providers are exporting - below the national average of 43 per cent - and more than one-third of those surveyed cited gaining access to export markets as a key barrier to growth.1 There are notable exceptions: companies such as Secure Code Warrior have had significant success helping overseas clients improve the security of their coding practices.
 

Education, skills and research

Education, skills and research

Several of NSW's major universities offer cyber security at both graduate and post-graduate levels. For example, Macquarie University offers a Bachelor of Cyber Security and UNSW, through its cyber centre of excellence, offers a Master of Cyber Security and works closely with the Defence Research Institute.

TAFE NSW offers the Certificate IV in Cyber Security. TAFE NSW partnered with the NSW Cyber Security Innovation Node this year, supported by Hewlett Packard, to launch cyber security mini-modules online to help workers retrain as the COVID-19 pandemic drives more businesses to digitise and rely on online tools.

The cyber security research landscape continues to build in NSW, led by UNSW's CySPri Laboratory which conducts cyber security research on topics such as application and network security, and collaborates with several industry partners.
 

Territory government support

State government support

The NSW Government recently announced a $1.6 billion Digital Restart Fund, to further drive digitisation of services across government agencies. Of this total amount, $240 million has already been committed to enhancing the government's own cyber security, to be articulated in the NSW Cyber Security Strategy.

1. AustCyber's Digital Census 2020

New South Wales cyber security sector

Overview

Average provider age: 8.5 years

40 per cent of providers are less than five years old

38 per cent of providers are exporting

Cyber priority areas:

1. Industry 4.0

2. Cross sectoral digital transformation

3. Cyber workforce development

4. Financial services

~10,150 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

Queensland
Queensland's cyber security providers are strong exporters, with nearly 60 per cent reporting overseas customers

Overview

Queensland's cyber security sector has relative strengths in servicing the government sector: more than 75 per cent of survey respondents identified federal or state government as a key customer. Compared to other states, Queensland providers have a high export rate: nearly 60 per cent are selling cyber security products or services overseas. In mid-2020, AustCyber announced that it would be opening three Cyber Security Innovation Nodes in Brisbane, Townsville and the Sunshine Coast, which will further build on the state's cyber capability and assist to protect national critical infrastructure.
 

Provider snapshot

Provider snapshot

Queensland is home to relatively mature cyber providers, with an average age of ten years - second only to South Australia. Although Queensland has a relatively small startup community, with only 32 per cent of providers less than five years old, it is home to exciting startups including Assetnote, SecureStack and CyberMetrix. Cyber providers of all ages can find support in the Queensland Government's Advance Queensland Strategy, a suite of programs and grants designed to drive the knowledge and jobs of the future.

The top cyber products and services offered in Queensland are penetration testing, cyber governance and risk services, and application security. The state government's recent focus on growing Queensland's innovation ecosystem through its Advance Queensland Strategy will likely shape the state's future cyber product mix, as providers respond to key priority areas such as robotics and agricultural technology (agritech).

Export appears to be a strength for Queensland cyber providers, with nearly 60 per cent exporting their products and services overseas. One prominent success story is ASX-listed RightCrowd, which has had significant success internationally with its identity access management and threat intelligence analytics solutions.
 

Education, skills and research

Education, skills and research

Queensland's educational institutions are stepping up to address the cyber security skills shortage with a range of graduate and postgraduate cyber courses now on offer. This is led by the University of Queensland (UQ) who recently launched their interdisciplinary Master of Cyber Security program. The Queensland University of Technology, Griffith University, University of the Sunshine Coast and the University of Southern Queensland all offer postgraduate level cyber security courses. UQ also has a cyber security research centre which explores emerging cyber areas such as IoT and cyber physical security and secure communications for space.
 

Territory government support

State government support

The Queensland Government has awarded a $250,000 grant to the Australian Information Industry Association to partner with Queensland University of Technology to deliver critical skills around innovation in cyber security. Queensland was also the first state to launch a Joint Cyber Security Centre within the Australian Cyber Security Centre.

Queensland cyber security sector

Overview

Average provider age: ten years

32 per cent of providers are less than five years old

58 per cent of providers are exporting

Cyber priority areas:

1. Defence

2. Advanced manufacturing

3 Health

4. Education

5. Agritech

6. Federal and state government

~3,600 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

South Australia
South Australia's cyber providers have an exciting opportunity to collaborate with Australia's emerging industries

Overview

The development of South Australia's innovation precinct, Lot Fourteen, presents an exciting opportunity for cyber providers to collaborate with emerging areas such as machine learning and the space industry. This will add to the state's expertise in servicing the defence sector and further build on its export strengths.
 

Provider snapshot

Provider snapshot

Although South Australia has a relatively small pool of fully dedicated cyber security providers, it is home to Australia's most mature providers at an average age of 11 years - well above the national average of 8.5 years. Although cyber is just one part of their businesses, South Australia is home to well-established providers such as Prophecy International and Consunet, which have been operating for 28 and 18 years respectively. The state also has a small number of promising young providers, such as Airlock Digital and CyberOps.

The high value of defence contracts in South Australia has spurred the development of products and services tailored to the defence industry, such as penetration testing. The positive impacts of Lot Fourteen are also beginning to surface, with CyberOps offering solutions tailored to the space and IoT sectors.

The maturity and quality of South Australia's cyber security providers is reflected in the fact that it's the leading state for cyber exports, with 67 per cent of its providers selling overseas. One example of overseas success is Airlock Digital, which has a global reputation for its application whitelisting solution.
 

Education, skills and research

Education, skills and research

South Australia hosts five important education institutions. The University of Adelaide, Flinders University, University of South Australia and Torrens University offer degrees in cyber security at both undergraduate and postgraduate level; whilst TAFE South Australia offers the Certificate IV in Cyber Security. The University of Adelaide also runs an online cyber security course for teachers, providing a critical resource to improve cyber education in schools.

In 2020, the South Australian Government established the Australian Cyber Collaboration Centre at Lot Fourteen which aims to support Australian cyber providers to launch new products and services globally. Flinders University has also launched the Jeff Bleich Centre for the US Alliance in Digital Technology, Security and Governance which focuses on research into issues such as foreign interference in democratic elections and national security.
 

Territory government support

State government support

The Government of South Australia has a clear strategic plan for cyber security that is centred around innovation and collaboration with industry, supported by the Australian Cyber Collaboration Centre and Lot Fourteen.

South Australian cyber security sector

Overview

Average provider age: 11 years

33 per cent of providers are less than five years old

67 per cent of providers are exporting

Cyber priority areas:

1. Defence industry and supply chain

2. Autonomous systems

3. Space industry

4. Digital health

~1,000 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

Victoria
Victorian cyber security providers have strengths in servicing the financial and defence sectors, and significant success abroad

Overview

Victoria has the second largest cyber security workforce in Australia, with nearly 9,000 workers. As in NSW, financial services is the most prominent customer segment for Victorian providers: over 75 per cent of surveyed cyber security firms active in Victoria are servicing this sector. Defence is also a large customer of Victorian cyber providers: approximately 57 per cent of Victorian providers service defence organisations.
 

Provider snapshot

Provider snapshot

At an average age of 7.5 years, Victoria's cyber providers are just slightly younger than the national average of 8.5 years. 42 per cent of Victorian cyber providers were founded less than five years ago, including notable new providers such as VeroGaurd, HackHunter, Retrospect Labs and Cynch Security. There is a strong support network for young providers in Victoria, including from government programs such as LaunchVic, and the state hosts Australia's only cyber security accelerator, CyRise. As well as having its share of startups, Victoria has produced some of the nation's most successful cyber providers, such as ASX-listed Tesserent and newly established CyberCX.

Consistent with Victoria's large population and diversity of businesses, the state's cyber providers offer a breadth of cyber products and services. The top three cyber products offered in Victoria are cyber governance and risk services, penetration testing, and mobile and web security.

As a promising sign that Victorian cyber providers are able to compete globally, 46 per cent of Victoria's cyber providers are exporting, which is above the national average of 43 per cent. One example of this is MailGuard, an email security provider that has a global customer base.
 

Education, skills and research

Education, skills and research

Victoria is home to a rich network of cyber research and education institutions including RMIT, Deakin University and the University of Melbourne, which hosts an Academic Centre of Cyber Security Excellence. The Oceania Cyber Security Centre is also based in Melbourne, which is a cooperative organisation made up of eight Victorian universities and CSIRO's Data61. Further adding to the state's cyber research capability is the Defence Science Institute which is a collaboration between the University of Melbourne, Victoria's state government, and the Australian Government's Defence Science and Technology (DST) Group.
 

Territory government support

State government support

The Victorian Government Cyber Security Strategy 2016-2020 outlines the measures being taken to ensure cyber reliance and governance in the public and private sectors. As part of this strategy, the government has committed $17.6 million to further develop its cyber capabilities.

Victoria cyber security sector

Overview

Average provider age: 7.5 years

42 per cent of providers are less than five years old

46 per cent of providers are exporting

Cyber priority areas:

1. Digital health

2. Skills and education

3. Financial services

4. Defence

~8,300 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

La Trobe University - Melbourne, Australia

Western Australia
Western Australia is home to the youngest cyber security providers, about half of which were founded less than five years ago

Overview

The average age of cyber security providers in Western Australia is seven years. Given the state's abundant natural resources, cyber security providers specialise in servicing large mining, oil and gas companies. Western Australia's educational institutions offer some of the most expansive and high-quality cyber security qualifications in the country.
 

Provider snapshot

Provider snapshot

Approximately half of all cyber security providers in Western Australia were founded less than five years ago, which demonstrates the emerging nature of the state's cyber sector. Some of the most promising startups coming out of Western Australia include Sapien Cyber, which has developed a threat detection and vulnerability management solution, and Red Pirahna, who provide a unified threat management platform. Western Australia's startup and the Australian Government's Entrepreneurs' Programme play a critical role in supporting Queensland's startup sector.

The top products and services for Western Australian cyber providers are cyber governance and risk services, penetration testing, and cyber security delivery such as managed security services and security operation centres. An emerging provider of cyber security services is CSO Group, which specialises in cyber security risk consulting.

The relative youth of Western Australia's cyber providers is evidenced in the fact that only one-third have customers overseas - they are focusing on building their strengths locally. Once these providers are globally competitive, their unique location will make Asian markets more accessible than for their eastern counterparts, which will increase export opportunities.
 

Education, skills and research

Education, skills and research

Pioneered by Edith Cowan University (ECU), Western Australia has long been a leader in cyber security education. ECU has the widest range of both graduate and postgraduate cyber security courses in Australia and consistently record some of the strongest enrolment numbers in cyber security across the country. ECU has been recognised by the Australian Government as an Academic Centre of Cyber Security Excellence and is home to the Security Research Institute which focuses on cyber systems, critical infrastructure security and cybercrime. The Cyber Security Cooperative Research Centre is also based in Western Australia.
 

Territory government support

State government support

The Government of Western Australia has allocated a $16.7 million New Industries Fund. In response to COVID-19, the fund committed $800,000 to allow SMEs to address cyber security attacks as a result of having to move their operations online. In 2018, the state government announced a partnership with ECU to ensure the increased security of Western Australia's public sector.

Western Australia cyber security sector

Overview

Average provider age: seven years

50 per cent of providers are less than five years old

33 per cent of providers are exporting

Cyber priority areas:

1. Mining

2. Oil and gas services

3 Agritech

4 Operational Technologies (OT)

~1,400 estimated cyber security workers

Cyber educational institutions

Cyber educational institutions

Sources: AustCyber's Digital Census 2020, AlphaBeta analysis

  1. Calculated using population and number of cyber security employees
  2. AustCyber's Digital Census 2020