SCP - Chapter 1 - The Australian cyber security sector today

Australia's cyber security sector has rapidly grown in response to strong demand for its critical services

Australia's cyber security sector has come a long way in a short time

Using data from AustCyber's Digital Census 2020, this chapter paints the most comprehensive picture yet of Australia's cyber security sector. Demand is growing, with Australians spending approximately $5.6 billion on cyber security in 2020 - from both local and international providers - a figure that is expected to increase to $7.6 billion by 2024. The local sector's revenue has grown by $800 million since 2017, to reach an estimated $3.6 billion this year. SMEs generate about a quarter of the cyber sector's revenue in Australia, with the rest directed to diversified professional services providers, technology integrators, mid-tier providers and defence contractors. Gross value added (GVA) of the Australian sector has been estimated for the first time in this report at $2.3 billion.

The sector is made up of young cyber security providers, and a workforce that's steadily growing

There are more Australian cyber security providers and workers than ever before. In 2020, approximately 350 providers make up the domestic sector. Among this group of young companies - the average age is 8.5 years and more than 40 per cent were founded in the past five years - there are success stories of companies that have flourished, becoming internationally recognised names.

The workforce has grown by 4,000 since 2016, reaching approximately 26,500 people who work for providers or staff internal security teams as businesses and government improve their cyber capabilities.

A closer look at the sector reveals that it is characterised by new, innovative SMEs, with more than 88 per cent of providers having fewer than 100 employees. SMEs and larger providers specialising in systems security account for the biggest portion of Australia's cyber security market. Many of their customers are government or defence organisations.

States and territories are developing their own communities to foster innovation

The sector is building its network across Australia, with clusters of innovation developing in major cities. AustCyber's National Network of Nodes will accelerate cyber capability development and innovation. Having a presence in states and territories will help to sharpen customer awareness of domestic cyber security capability and attract top talent.

Initially, the impact of COVID-19 appears to have hit micro and small providers hardest, while medium-sized companies have recorded an uptick in demand as customers adapt to digital modes of working and develop go-to-market strategies. Despite the short-term disruption to some service delivery, the pandemic is likely to accelerate the long-term transformation of the economy through technology and increased demand for cyber security.

Australia spent approximately $5.6 billion on cyber security in 2020, with demand expected to reach $7.6 billion by 2024

Demand for cyber security is rapidly growing, with spending increasing by nine per cent each year over the past four years.

There are several core drivers of demand. First, digitisation exposes businesses to more threats. Second, the overall threat environment is increasing, with several high-profile attacks - such as against NSW Government agencies, Toll Group and PayID - over the past year. Third, governments and regulators are requiring stronger security for critical infrastructure and systems of national significance.

Analysis based on available market data and expert interviews suggests that Australian demand will continue to grow by eight per cent per year, reaching as high as $7.6 billion by 2024. This is a slight reduction on previous growth of nine per cent, reflecting some slowness in the market as a result of the economic conditions caused by the COVID-19 pandemic. But the growth rate is still robust, considering the broader economic recession. The impact of COVID-19 is further explored on page 24. Globally, it is expected that spending on cyber security will reach US$207 billion by 2024.1

Figure 1

Australia's cyber security spend, 2017-24

A$, billions

Figure 1

Note: The spending figures for 2017-24 are higher than estimated in previous SCPs. The higher figures are based on new sources of insight and updated data. The methodology is explained in the appendix.

Sources: Gartner, IBISWorld, AustCyber's Digital Census 2020, AlphaBeta analysis

Growth in spending is reflected in the local sector's revenue, which has risen by $800 million since 2017

Australian cyber security revenue has grown substantially over the past four years. Between 2017 and 2020, sector revenue grew by $800 million - from $2.8 billion to $3.6 billion.

These gains have been made very quickly. Sector revenue grew by an average of eight per cent each year between 2017 and 2020. By contrast, the information, media and telecommunications (IMT) sector's revenue grew by just three per cent each year over the same period.2 Australia's cyber sector revenue growth is increasing at a similar pace to overall spending on cyber security, indicating that the share of imports in the Australian market is relatively stable.

As the cyber threat landscape continues to evolve, sector revenue is forecast to continue to grow at about nine per cent each year over the next four years. The sector could reach $5 billion in revenue by 2024, which is nearly double its 2017 level.

Note: Australia's cyber security sector includes all cyber security activity that occurs in Australia, where the economic value is added in Australia, including by foreign-owned entities. IMT's growth rate for 2020 was estimated using historical data.

Figure 2

Australia's cyber security sector revenue, 2017-20

A$, billions

Figure 2

Note: Australia's 2020 cyber security sector revenue figures and revenue growth figures are estimated using global spend data as at July 2020.

Sources: Gartner, IBISWorld, Austcyber's Digital Census 2020, AlphaBeta analysis

Startup success reflects sector's rapid growth

Australia is home to some of the world's fastest growing cyber security providers, many of whom have raised significant amounts of investment while expanding their operations globally.


Bugcrowd is a crowdsourced security as a service provider, offering penetration testing, bug bounty programs and vulnerability disclosure to customers across a wide range of industries.

The company was founded in Australia in 2012, but moved their headquarters to San Francisco for better access to venture capital, shorter time-to-market and improved network effects.

Bugcrowd has raised over US$80 million in funding and investors include Paladin Capital Group, Blackbird Ventures, Rally Ventures, Costanoa Ventures, SalesForce Ventures, Triangle Peak Partners and First State Super. The company employs over 300 staff across their Australian, US and UK offices.

Secure Code Warrior

Founded in 2015, Secure Code Warrior enables developers to build secure code rather than having to review or retrofit security during or after development. The company also provides gamified developer training and can auto correct code security errors as code is being written.

SCW has raised over US$48 million in funding and investors include Paladin Capital, AirTree, Goldman Sachs, ForgePoint Capital and CISCO Investments. The company employs over 150 staff across their Australian, US, UK, Belgium and Iceland offices.


Kasada safeguards consumers and businesses from malicious online bots. Their solution protects businesses from automated attacks, botnets and targeted fraud - across web, mobile and API channels. Besides boosting online security, the company increases traffic visibility and improves customer experience.

Kasada is one of Australia's fastest growing cyber security startups, reporting 500% revenue growth in 2019. Founded in 2015, Kasada has raised over US$20 million and investors include CSIRO's Main Sequence Ventures, Westpac's VC fund Reinventure Group, In-Q-Tel, TenEleven Ventures, Our Innovation Fund and former Australian Prime Minister Malcolm Turnbull.

Kasada is expanding its global footprint servicing customers in the ASX 100, Forbes Global 2000 and mid-sized enterprises in the US and UK.

Cloud one

Cloud One - Conformity works with organisations around the world to implement and maintain best-in-class infrastructure security, compliance and optimisation on the public cloud. Their solution helps businesses who rely on AWS, Azure and Google Cloud to ensure their information and data remains secure.

Cloud One - Conformity provides an example of a successful exit. Founded in 2016, it was acquired in 2019 for US$70 million by global security vendor Trend Micro. Cloud One - Conformity now has offices in Australia, US, UK and Canada.

SME providers received about a quarter of sector revenue in Australia

Australian cyber security providers are generating $3 billion in revenue from the domestic market and $600 million from international markets, totalling $3.6 billion.3 Based on expert interviews, the Australian cyber security sector is segmented into five key groups:

  • SMEs: startups and smaller providers. SMEs received approximately $800 million in revenue, which is around one-quarter of the sector's total revenue.
  • Major consultancies: cyber security practices at major consulting firms. They are estimated to earn approximately $500 million in revenue.
  • Technology integrators: large international diversified technology businesses that integrate systems and security. Integrators are capturing the largest share of the market, valued at an estimated $1.5 billion.4
  • Mid-tier firms: scaled pure-play providers such as CyberCX, Tesserent and Trustwave. They account for an estimated $500 million of revenue.5
  • Defence-related firms: providers focused on defence and national security, such as the so-called Defence Primes.6

Figure 3

Australia's cyber security sector revenue by provider segment

A$, billions; 2020 estimate

Figure 3

Survey question: What was the total revenue for your organisation in the 2019-20 financial year?

Sources: AustCyber's Digital Census 2020, customised data from illion

The cyber security workforce has grown by 4,000 over the past three years

The substantial growth in cyber security spending in Australia has led to the workforce expanding by about 4,000 since 2017. A total of about 26,500 people work in the Australian cyber security sector today.

This estimate includes both employees in the cyber security sector and those in related roles, such as members of in-house cyber security teams and Chief Information Security Officers in other sectors.

Growth in jobs in cyber security has far outpaced the national average. Between 2017 and 2020, employment in the sector grew by six per cent each year, while the nation's overall workforce expanded by just two per cent each year.7

In absolute terms, the total number of direct jobs in the sector is comparatively small compared to other, more established industries. However, cyber security underpins the digitisation and growth of the entire economy, meaning it has a much greater impact on Australia's overall employment through indirect jobs.

Strong job creation in cyber security is likely to continue, with 7,000 more jobs expected to be added to Australia's economy by 2024.

A number of government and industry programs, such as the Australian Signals Directorate's CyberEXP Program and the Australian Defence Force's Cyber Gap Program, are focused on developing Australia's workforce to meet this growing demand. Further programs will be added into the economy in the next year as a result of the Australian Government's Cyber Security Strategy 2020 and initiatives of state and territory governments.

Figure 4

Australian cyber security workforce 2017-24

No. of workers, thousands

Figure 4

Note: The employment figures for 2017-24 are higher than estimated in previous SCPs. The higher figures are based on new and updated sources of data that were available for this SCP.

Sources: Gartner, IBISWorld, Australian Bureau of Statistics, Cyberseek Australia, AlphaBeta analysis

For the first time, the gross value added of Australia's cyber security sector can be estimated, at $2.3 billion

GVA (gross value added) is a measure of economic activity and can be used to estimate the contribution of the cyber security sector.

AustCyber's Digital Census enables the calculation of GVA for the sector for the first time. GVA is the sum of the profits and wages from economic activity in the sector. In 2020, the former is estimated at $900 million (25 per cent of revenue) and the latter at $1.4 billion, resulting in GVA of $2.3 billion. The sector's GVA is already comparable to other digital sectors such as computer software ($4.2 billion) and retail e-commerce ($3.2 billion).8

While GVA estimates the direct contribution of cyber security to the economy, it does not account for its role in enabling economic activity in other sectors. For example, the GVA of sectors such as banking and telecommunications would not be possible without robust cyber security. As our corporations, educational institutions and essential services become increasingly digitised, their success and impact largely rely on having trusted infrastructure and data.9 The sector's role in a rapidly digitising economy is further explored in Chapter 2.

Note: This is an experimental first pass calculation of GVA for Australia's cyber sector using Digital Census data, as well as ABS and publicly available data. As more robust data on the cyber sector becomes available, this measurement can be further refined. Retail e-commerce is estimated using Australian online retail sales' share of total Australian retail turnover.

Figure 5

Estimated gross value added of Australia's cyber security sector, 2020

A$, billions

Figure 5



GVA (direct)

Profit estimate is based on data from more than 100 respondents to the Digital Census, scaled to account for sector size, as well as ABS data and public company reports

Total sector wages was estimated by applying a weighted average wages-to-revenue ratio from the Digital Census to total sector revenue, as well as ABS data

GVA was estimated by summing operating profits and wages. This estimate does not include indirect economic impacts

Note: Australia's 2020 cyber security sector revenue figures and revenue growth figures are estimated using global spend data as at July 2020.

Sources: Gartner, IBISWorld, AustCyber's Digital Census 2020, AlphaBeta analysis

Most of the businesses in Australia's cyber security sector are very young, with more than 40 per cent of providers around or under five years old, and 66 per cent less than ten years old

Despite this, a number of younger Australian cyber security firms have found early success in both Australia and abroad. One example is ASX-listed Tesserent, which was founded in 2016 and specialises in managed security and security consulting. Over the past two years, it has acquired smaller cyber security providers such as Rivium, Pure Security and Seer Security, further adding to its suite of capabilities.

The average age of Australian cyber security providers is 8.5 years, and only nine per cent in the sector have been operating for more than 20 years.10 Of the firms that are older than 20 years, only 23 per cent are dedicated cyber security providers.11 The majority of these are services or IT businesses that offer cyber security as one part of their business.

The sector's youth opens up many new opportunities for the Australian economy, but it also presents some challenges, as explained in chapters 2 and 3.

Figure 6

Age of Australian cyber security providers

Percentage of all providers

Figure 6

Survey question: When was your organisation established?

Sources: AustCyber's Digital Census 2020, customised data from illion, Crunchbase

Reflecting its youth, the sector is dominated by SMEs, with over 88 per cent of providers having fewer than 100 employees

Characteristic of its youth, the cyber security sector is dominated by SMEs, which make up around 66 per cent of providers. One-quarter of the businesses in the sector are micro providers (zero to four employees).

This is expected to change as the sector matures. Of the providers surveyed, 40 per cent report that they plan to expand their workforce over the next 12 months.12 It is important to remember that this forecast comes at a time of uncertainty due to COVID-19.

Of the providers with 200 or more employees, only 13 per cent identify as dedicated cyber security companies.13

The rest of the large cyber security providers are professional services firms such as Deloitte and KPMG; international technology integrators such as Microsoft and IBM; and international defence specialists such as Lockheed Martin and BAE Systems. These larger providers offer cyber security as one part of their overall business, with expert interviews suggesting that cyber contributes five per cent for professional services providers.

Note: Australia's cyber security sector includes all cyber security activity that occurs in Australia, where the economic value is added in Australia, including by foreign-owned entities.

Figure 7

Size of Australian cyber security providers

Share of cyber security sector

Figure 7

Survey question: What is the current size of your organisation in full time equivalent employees?

Sources: AustCyber's Digital Census 2020, customised data from illion

Providers specialising in systems security capture the largest portion of Australia's cyber security market

Market spend on cyber security can be broken down by product segment. The largest product segment in Australia's cyber security market is 'Systems security' ($1.5 billion), followed by 'Software and platform security' ($1.3 billion). The 'human, organisational and regulatory' segment has the most providers, with 49 per cent accounting for a key offering. The segment with the fewest providers is 'Infrastructure security', although spending is still $1.1 billion, reflecting how this type of service is geared towards larger cyber providers.

Cyber security, like much digital technology, has traditionally been understood in terms of hardware, software and services. But the diversity and sophistication of modern cyber security means that these categories are no longer appropriate. The Cyber Security Body of Knowledge (CyBOK) is an international collaboration headed by the University of Bristol that structures cyber security according to five main categories:

  • Infrastructure security: securing computer and digital networks and related physical hardware and systems against intruders.
  • Systems security: operational, network and systems security that includes the processes and decisions for handling and protecting data assets.
  • Software and platform security: security that focuses on keeping software and the entire computing platform and devices resilient to cyber threats.
  • Attacks and defences: a proactive and adversarial approach to protecting against cyber attacks, including performing penetration and vulnerability tests.
  • Human, organisational and regulatory: tools and services to protect against intentional and unintentional user mistakes, and to ensure cyber governance and compliance.

This new framework provides a more robust foundation for researchers, policymakers and industry to study the sector. See Appendix B for detailed descriptions of each product category.

Note: Specialty is defined as the product or service that generates the largest amount of revenue for the business.

Figure 8

Australia's cyber security spend by product segment, 2020

A$, billions

Figure 8

Survey questions: What main products and/or services does your organisation offer? Of these, which are your top three products and/or services?

Sources: AustCyber's Digital Census 2020, Gartner, IBISWorld, AlphaBeta analysis

The government and defence sectors are the largest customers of cyber providers of all sizes

Analysis of revenue breakdown by industry for both SMEs and larger cyber security providers reveals that although there are minor differences in how revenue is distributed, there are distinct commonalities in how the sector generates its revenue.

For both SMEs and large providers, government (including organisations in healthcare, social care and education) and the defence sector account for approximately 30 per cent of total revenues. 'Government' is the sector's pivotal customer, with nearly 50 per cent of providers surveyed having sold cyber security products or services to the Australian Government over the previous 12 months.14 This is consistent with the rising cyber threats facing governments such as the growing sophistication of state-sponsored attacks, increasing demand for sovereign cyber capabilities and solutions.

The 'Financial and insurance services' industry is the next major source of revenue, accounting for around 20 per cent for smaller providers and a slightly higher share for larger providers. The financial services sector's appetite for cyber security is driven by the high degree of criminal attention it garners, as well as stringent regulatory and compliance obligations.

It must be noted that this analysis includes only external spending on cyber security. Expert interviews suggest that many of the large providers to the financial services and information and communications technology (ICT) industries are building substantial internal cyber capabilities, as opposed to purchasing external products or services.

Figure 9

Australian cyber security sector customers by industry

Level of consumption, provider revenue (percentage of total)

Figure 9

Note: Data from AustCyber's Digital Census mostly describes SME providers. Data is based on the midpoint of the revenue category survey respondents selected (e.g., estimates $12.5 million revenue if they select $10 million - $15 million). Respondents were asked for the top three products and services they sold and this analysis assumes that revenue out of their top three is split equally across all other products and services they sell. It also assumes that providers' revenue is split equally across the industries they serve. High to low scale is across each product segment only.

Sources: AustCyber's Digital Census 2020, expert interviews

Australia is home to around 350 cyber security providers, with over 80% headquartered in Victoria, New South Wales and the Australian Capital Territory

Figure 10

State-by-state snapshot of cyber security providers

Click on each state to view the details.

Note: Cyber security priority areas are the priority capability strengths that have been identified by AustCyber and each state’s Cyber Security Innovation Node. Victoria are in the process of establishing a Node, as well as cyber priority areas. The number of headquarters in each state includes dedicated providers, as well as diversified providers – such as professional services firms, technology companies and defence providers – offering cyber security as part of their business. The percentage of providers that are exporting and the providers’ demographic information is calculated based on where the company is headquartered. State profiles are based on insights gleaned from AustCyber’s Digital Census 2020. No cyber security provider participating in the Census recorded themselves headquartered in Tasmania or the Northern Territory, so these two jurisdictions are not described in this section. As the cyber security sector continues to mature, we expect that Tasmania and the NT will develop their own local hubs.

Sources: AustCyber’s 2020 Digital Census, customised data from illion, AlphaBeta analysis

Sovereign cyber businesses step up for defence training

Canberra is Australia's defence capital with the largest concentration of defence and national security agencies, assets, organisations, diplomatic networks and industry bodies in Australia. Consequently, opportunity exists for cyber security providers to develop custom solutions to meet defence needs.

In an Australian first, a group of innovative, sovereign cyber companies collaborated to create a successful pilot of a fully online, collective cyber training program for the Australian Defence Force (ADF).

Australian businesses Cydarm Technologies, elttam, FifthDomain, Penten and Retrospect Labs, each with expertise in niche cyber technology, came together to tailor a solution for defence on FifthDomain's cyber training and simulation platform.

The aim of the Accelerated Defence Cyber Training (ADCT) Program echoes the current need for remotely accessible training programs, while also addressing the requirement to rapidly increase cyber skills across defence and industry.

The online training program was conducted from FifthDomain's headquarters in Canberra, and was delivered remotely to Navy, Army and Air Force personnel across the country.

The training was conducted in a highly realistic virtual environment with simulated exercises. Trainees were grouped into virtual teams to remediate vulnerabilities and respond to simulated and real threat actors.

Each cyber business brought their own set of capabilities to create a bespoke solution for the ADF.

Cydarm Technologies deployed their case management platform and dashboard as a command and control system to coordinate team activities and provide oversight for the mentors. Vaughan Shanks, CEO of Cydarm Technologies said, "This enabled trainees in the cyber security operations teams to collaborate on responding to incidents, using playbooks, while the mentors continually assessed their progress."

elttam, an independent security company which specialises in high-quality offensive and defensive security services, played the role of cyber threat actors for the ADF trainees. Matt Jones, Director and Co-founder of elttam said, "We were proud to tailor realistic adversarial scenarios by employing the Tactics Techniques and Procedures (TTPs) found in real world cyber-attacks. The design and execution of each scenario was carefully tailored to give Defence participants the best experience in identifying, learning from, and defending against such cyber threats."

FifthDomain, the project lead and provider of the training and simulation platform, specialises in cyber operations workforce development. Matt Wilcox, CEO of FifthDomain said, "FifthDomain's cyber ranges benefit by being able to integrate niche technologies from our partners to provide Defence the best of breed in Australian cyber innovation. Within the context of COVID-19 limitations, the sovereign, remotely accessible platform enables defence to overcome travel and supply chain challenges to successfully achieve this goal."

Penten enjoyed the challenge of integrating their unique AI generated content and user behaviour on FifthDomain's cyber training platform. Founder and Director of Penten Ben Whitham said, "Although this is only the first step working together, the combined solution of additional realism and automation will enhance the training outcomes, reduce the time taken to create the environments and improve the repeatability."

Retrospect Labs co-designed and facilitated multiple cyber security exercises as part of the ADF's Accelerated Defence Cyber Training course. Jason Pang, CEO of Retrospect Labs said, "We leveraged our unique exercise platform to remotely manage and deliver these exercises to more than 50 ADF trainees dispersed across Australia."

Delivery of this program closely aligned with Australia's Cyber Security Strategy 2020, released in August 2020, which commits A$1.67 billion investment over ten years and outlines a range of initiatives including the growth of the country's cyber skills pipeline as one of its key recommendations.


COVID-19 appears to have hit smaller providers hardest, with medium-sized providers reporting an uptick in demand

The COVID-19 pandemic has driven most economies around the world into recession. The International Monetary Fund expects the global economy to shrink by three per cent this year, while the Australian economy decreased by seven per cent in the second quarter of 2020.

The effects on cyber security are not straightforward. While customers will be restricted in their spending capacity, economies have accelerated their digitisation to cope with social distancing needs. Since social distancing measures came into effect, it is estimated that up to 32 per cent of Australians have been working from home.15

Trends such as widespread remote work, e-commerce and the adoption of cloud services are likely to be permanent, which will boost cyber demand in the long-term. Interviews with cyber security providers suggest that while some of their customers are withholding or delaying spending, new customers are seeking to invest in protection as they transition to new digital tools.

Like most businesses, cyber security providers are having to change how they operate - 51 per cent report this as an effect of COVID-19. Encouragingly, providers are also showing strategic flexibility in response to the global pandemic, with 46 per cent of those surveyed reporting a change in business priorities. Furthermore, only 13 per cent reported a decrease in employee numbers as a result of COVID-19, while 18 per cent reported an increase.16

Figure 11

Impact of the COVID-19 pandemic on provider revenue, business operations

Figure 11

Survey questions: What is the current size of your organisation in full time equivalent employees? How has COVID-19 impacted your expected business revenue for the 2020-21 financial year? What impact has COVID-19 had on your business?

Source: AustCyber's Digital Census 2020

Helping small businesses continue operations

Small businesses face pressure from all directions. With budgets, time and access to expertise constrained, they are constantly on the lookout for technology solutions that can make their lives easier.

Melbourne based company Cynch Security is on a mission to help small business leaders prevent a cyber security incident from becoming one of the worst days of their career.

The team has spent the past nine months helping small businesses across Australia adjust to the changes brought on by the COVID-19 pandemic.

With the shift to working from home for long periods of time, keeping a business secure is a complex undertaking and beyond the reach of those outside the cyber security industry. Attacks continue to evolve and threaten businesses that depend on technology. Advice from experts is often inconsistent and quite generalised, creating confusion and at times, apathy amongst frustrated small businesses.

All of this has resulted in a growing number of businesses concerned about cyber risk, looking for how to best manage it amongst their teams. The responsibility for managing the risk day-to-day often falls to senior leaders with technology operations responsibility. This may be a younger business partner, office manager or the owner themselves if the team is small enough.

Providing micro and small businesses with advice on how to implement risk interventions as businesses transitioned to remote working has been Cynch Security's focus during the pandemic.

"COVID-19 disproportionately affected small businesses, and with increased cyber threats heading their way, we wanted to make sure we did everything in our power to support them when they needed it most," said Co-Founder and CEO Susie Jones.

"We created an entirely new online program for business owners with remote teams to help them manage the new risks they were facing. The program was complemented by a series of blog posts, webinars and supporting resources hosted on our website.

While health risks may have peaked and businesses are now starting to take stock and look towards the future once again, cyber risks remain and continue to evolve. As small businesses navigate these changes, Cynch Security will continue to offer support.


  1. Gartner (2020), Forecast: Information Security and Risk Management, Worldwide, 2018-2024, 2Q20 Update. Available at:
  2. Australian Bureau of Statistics (2020), Australian Industry 2018-19, Table 1, key data by industry subdivision. Available at:
  3. Market data from Gartner and IBISWorld, supplemented with expert interviews
  4. Expert interviews and customised data from illion
  5. Expert interviews and customised data from illion
  6. Expert interviews and customised data from illion
  7. Australian Bureau of Statistics (2020), Labour Force, Australia, Detailed Quarterly. Available at:
  8. Australian Bureau of Statistics (2019), Measuring digital activities in the Australian economy. Available at:
  9. AustCyber (2020), Australia's Digital Trust Report 2020. Available at:
  10. Note: Outliers, such as professional services providers, old IT providers, defence related firms and other providers that have been around for more than 30 years were excluded
  11. Dedicated cyber security providers refer to firms where 100 per cent of revenue and employment can be attributed to provision of cyber security products and services
  12. AustCyber’s Digital Census 2020
  13. AustCyber’s Digital Census 2020, expert interviews
  14. AustCyber’s Digital Census 2020
  15. Roy Morgan Research Centre
  16. AustCyber’s Digital Census 2020