SCP - Chapter 2 - The next phase of growth

In its next phase of growth, the cyber security sector needs to support rapid digitisation and capture emerging export opportunities

Australia's economy needs to continue to digitise

Driving digitisation in our economy will be critical to improving productivity, living standards and national security in Australia. A maturing integrated digitally connected economy creates greater core interdependencies between technology and sectors. The retail and financial services sectors are well advanced toward digitisation. E-commerce, for example, gives buyers and sellers easier access to multiple platforms, distribution channels, products and services across numerous markets at any one time. New digital technologies such as the loT, AI and remote operations create new efficiencies and commercial opportunities. Some types of digital technology, such as cloud services and remote working tools, have become critical and indispensable due to the social distancing requirements imposed by the COVID-19 pandemic.

What does the economy need?

The proliferation of digital assets and tools offers new targets for malicious actors looking to harvest data and information for their own interest, putting at risk personal and commercial privacy. A robust and thriving local cyber security sector is therefore essential to support ongoing digitisation in the Australian economy. This is especially important in sectors such as energy, healthcare and research/education, which have been slower to undergo significant digital transformation, but are now under pressure to implement change with increased urgency.

Government has also recognised the need to improve cyber protection, recently flagging the future introduction of baseline levels of cyber resilience across the economy, which will further drive demand for services.1 While Australian businesses and governments can access some services in the competitive global marketplace, our local cyber security sector plays an essential role. The protection of critical national infrastructure, for example, cannot be sourced exclusively from overseas, due to the national security risks that arise when Australia becomes reliant on foreign providers whose interests may conflict with those of Australia. The concept of sovereign capability does not mean that every component of our cyber protection must be sourced locally, but rather, the local sector has sufficiently sophisticated technical and implementation capabilities to avoid Australian businesses and governments being acutely reliant on foreign providers.

Adapting to secure by design and complex value chains

The traditional concept of cyber security is that - at a broad, conceptual level - its products and services act as a shield that protects digital assets. Other important cyber security offerings, such as risk management and forensics, play their role in mitigating risk, deterring threats and recovering losses when breaches occur. In this way, cyber security is analogous to physical security, where criminals chasing valuable targets are repelled, tracked and investigated. This holds true for much of the digital world and its current suite of cyber-physical systems.

However, a new conceptual approach has emerged for novel technology and systems. Rather than constantly racing to beat cybercriminals before they can exploit security vulnerabilities, digital technology can be built in such a way that it prioritises security and minimises vulnerabilities. This is known as 'secure by design' and reconfigures digital systems so that security is a core criterion that engineers optimise for, rather than being a layer that is added after the fact.

The application of secure by design principles will drive the involvement of cyber security earlier in value chains for many different products and services, and the sector will need to respond to these changes by adopting its services and identifying new customers.

A secure by design approach extends beyond individual pieces of digital technology. In the current Australian economy, sectors are increasingly connected - digitally and physically - but with different levels of digitisation and cyber protection. In this new world, it pays to think about security across value chains rather than focusing on the security of individual sectors. The high-profile attacks on Toll Group this year and Maersk in 2018 are early hints at how an attack on one part of a value chain - such as the logistics sector - can impact a host of other sectors across the economy. It is in the rest of the value chain's interest that organisations such as Toll Group and Maersk are secure.

Expanding our export presence

This new concept of cyber security has implications beyond Australia. Understanding how cyber security interacts with other components of the economy is a global issue, especially as so many of Australia's value chains are dependent upon the digital security of other countries.

Increasing Australia's cyber exports to capture a higher share of the US$147 billion global market will be key to the sector's success. Solidifying strong relationships with export markets in the US and UK will draw on our close defence and technology ties. At the same time, expanding into high-potential markets in the Association of Southeast Asian Nations (ASEAN), India and Japan will play into Australia's reputation as a trusted partner and centre of research excellence.

This chapter explores the future of the domestic cyber security sector's growth and its export opportunities.

2.1 Supporting our digitising economy

Australia's economy has rapidly digitised over the past decade, unlocking new productivity gains

Digitisation drives productivity gains and business efficiencies much faster than physical industries, unlocking new sources of economic growth for Australia.

The best demonstration of this comes from comparing the performance of digital industries in Australia with physical industries over the past two decades. Productivity growth in digital industries has consistently outpaced that of physical industries, almost doubling total productivity gains over the period. This story is repeated in measure of output and employment growth.

Research also shows the benefits of digitising and automating processes. In Google's 2015 report 'The Automation Advantage', it was estimated that automation could result in $2 trillion in productivity gains for the Australian economy by 2030, leading to millions of safer, more meaningful and more valuable jobs.

The benefits to Australia from its position as a leading digital economy rely on the security, privacy and resilience of its online infrastructure and data. 'Australia's Digital Trust Report 2020' highlighted the critical role digital trust plays in attracting investment and driving jobs growth - adequate cyber security is vital to protecting this trust.

The most rapid digital transformation of the past decade has occurred due to COVID-19, with McKinsey reporting a five-year jump in consumer and business digital adoption within the first eight weeks of the pandemic's worldwide spread.2

Figure 12

Productivity in digital and physical industries, 1998-18

Growth index (1998=100)

Figure 12

Note: Methodology is based on Mandel M and Swanson B (2017), The Productivity Boom. Productivity is calculated as total output divided by total hours worked.

Sources: Australian Bureau of Statistics (2020), Labour Force Australia. Department of Industry, Innovation and Science, Office of the Chief Economist (2018), Future Productivity March 2018

As the world increasingly digitises, the frequency and severity of cyber attacks has risen

In Australia, the average number of monthly attacks increased by 33 per cent in the first half of 2020. Globally, reports by the FBI and NordVPN cite a 40 per cent increase in daily cyber attacks, compared to pre-COVID-19 levels.3

Figure 13 shows the number of cyber security incidents the Australian Cyber Security Centre (ACSC) responded to in 2019-20. This includes malicious emails, compromised systems, data breaches, system shutdowns and malware attacks.

Large businesses reported the most attacks (33 per cent), with SMEs coming in second (32 per cent), followed by the Australian Government and national infrastructure (20 per cent).4 Significant attacks included:

  • compromise of Australian National University (ANU) data in June 2019;
  • malware attacks on state government health departments and the Australian Parliament in October 2019;
  • a second ransomware attack on Toll Group in May 2020; and
  • sophisticated state-sponsored attacks on national institutions, which were revealed by the Prime Minister in 2020.

Awareness of the threats posed by cyber security vulnerabilities increased with the Prime Minister's announcement of state-sponsored attacks, and increased media coverage of cyber security amid COVID-19.

Figure 13

Cyber incident responses by the Australian Cyber Security Centre, 2019-20

Number of incidents

Figure 13

Source: Australian Cyber Security Centre (2020), ACSC Annual Cyber Threat Report: July 2019 to June 2020.

Figure 14

Economy-wide digitisation will generate new threats and demand for cyber security products and services

Figure 14

Sources: Australian Payments Network (2018), 2018 Annual Review. IBM (2020), IBM X-Force Threat Intelligence Index. Forbes (2020), 2020 Roundup of Cybersecurity Forecasts and Market Estimates. AlphaBeta analysis

Industries that are digitising, such as healthcare and manufacturing, need to scale up their digital protections

While demand for cyber security products has been robust and the sector has rapidly evolved, some sectors have seen a mismatch between levels of cyber risk and investment needs and focus by cyber security providers.

Comparing forecast demand and supply helps to identify sectors with a possible shortfall of cyber security products and services, and highlights where the local sector may have to do more to meet the needs of the economy. For example, industries such as government (excluding defence) are likely to have strong future demand met by strong supply, so the incremental cyber security growth requirement is relatively small. Other industries, such as transport and logistics, are forecast to have moderate future demand but low future supply, so the incremental growth requirement for cyber products and services is higher.

Three sectors stand out for very high growth potential:

  • Healthcare and social assistance is likely to experience accelerated digitisation due to COVID-19 and increasing attacks on healthcare systems and medical research companies. Protecting patient data and IP will become a higher priority.
  • Education is likely to see the integration of online systems and delivery models. Research and student data will become more vulnerable and the moderate planned supply growth by SME cyber security providers may not address the heightened threat level.
  • Manufacturing will need substantial new cyber security investment in the wake of Industry 4.0 and transitions to advanced manufacturing methods and technologies, as well as increased threat levels for uptake of IoT. Further demand will come from the Australian Government's Manufacturing Modernisation Strategy and impacts of the pending 'Protecting Critical Infrastructure and Systems of National Significance' legislation.

Note: To estimate potential future cyber security shortfalls, our analysis considered supply and demand. To forecast future demand, three factors were used: digitisation potential, cyber threats and regulated minimum standards. To forecast future supply, historical investment levels and cyber security sector SMEs' growth plans were used.

Figure 15

Potential cyber security shortfalls by industry

Industry

Possible cyber shortfall

Explanation

Healthcare and social assistance

Very high

Digital health records and telemedecine increasing with growing regulatory obligations; historically, investment is low

Research, education and training

Very high

Digitisation amplified by COVID-19, growing regulatory obligations; historically, investment is low

Manufacturing

Very high

Industry 4.0 will increase exposure to threats, and much digitisation is still to occur in the domestic sector; historically, investment is low

Transport and logistics

High

Moderate digitisation occurring and threats growing (e.g., Toll Group and Maersk); SME providers' growth supply plans are moderately low

Wholesale and retail trade

High

Australian sector will continue to transform through e-commerce and experience increasing threats; limited SME provider plans to grow supply

Energy and utilities

Medium

Slow digitisation and threats, high regulatory obligations; moderately high historical investment and supply growth

Financial and insurance services

Medium

New fintech will increase demand alongside a high threat and regulatory environment; met by existing investment and supply growth

Defence

Medium

Very high threat and regulatory environment; being addressed by strong government investment and supply growth

Professional services and consulting

Medium

Already highly digitised industry with valuable data assets; high historical investment and moderately high planned supply growth

Government (excluding defence)

Low

High threat environment that is digitising rapidly; addressable through continued high investment and SME providers' supply growth plans

Information, media and telecommunications

Low

Medium-high digitisation potential and threats but little regulation; historically, moderately high investment and SME supply growth plans

Mining

Low

High digitisation potential but most needs met internationally; historically, low domestic investment and limited SME supply growth plans

Sources: AustCyber's Digital Census 2020. AlphaBeta analysis. McKinsey Global Institute (2017), Digital Australia: Seizing opportunities from the Fourth Industrial Revolution'. ABS (2020), Australian System of National Accounts, cat. no. 5204.0, Table 5: Gross Value Added by Industry.

As cyber security risks grow, regulation of a broad range of critical infrastructure sectors is tightening

In addition to support for economy-wide digitisation, Australia's cyber security sector must increase the development of specialised sovereign capabilities that protect critical national systems and infrastructure. Addressing these needs requires research, technology development and sovereign hardware manufacturing capabilities, as well as leadership, integration and maintenance.

While some industries have seen strong cyber security investment historically, others - such as those shown on the right - may have relatively less mature cyber security approaches. These newly identified industries - including digital health, food and groceries, transport and 5G - present opportunities for the Australian cyber security sector to grow to supply sovereign defence and protection.

The Australian Government is currently working to implement new regulations to improve the protection of national infrastructure and other critical systems.5 It is expected that measures will be introduced soon to cover the priority sectors listed in the table and this will drive demand for sector-specific solutions.

Other sectors, such as large Australian technology, mining and retail companies, are also likely to require more of their cyber security goods and services to be supplied locally as supply chains become more localised in the wake of COVID-19. A shift towards secure by design will further contribute to a turn to local, more specialised capabilities.

Figure 16

Protecting Australia's critical infrastructure and tech-adopting sectors

New technologies

Cyber security needs

Telehealth and new digital health systems

  • COVID-19 has accelerated digitisation in healthcare, with tele-consults, digital prescriptions and the increasing digitisation of health data and records. This will require accompanying systems security and risk management for patients' private information.

Higher education and research

  • Researchers are increasingly working and storing their data in the cloud. This is likely to lead to greater IP and data theft threats and the need for greater protection from malicious actors.

Food and groceries

  • Food and grocery supply chains need to be resilient to disruption. As these systems are now highly automated, they can be more vulnerable to cyber security attacks.

Transport and logistics

  • Similarly, the transport and logistics sectors need to increase their cyber resilience. High-profile attacks on Toll Group and Maersk illustrate the potentially crippling effect of ransomware and malware.

Telecommunications and 5G

  • New telecommunications technology such as 5G presents new cyber security challenges.
Government has identified several industries with nationally critical infrastructure and systems that require proportionate security obligations:
  • Banking and finance
  • Communications
  • Data and the cloud
  • Defence
  • Education, research and innovation
  • Energy
  • Food and groceries
  • Health
  • Space
  • Transport
  • Water

Source: Department of Home Affairs (2020), Protecting Critical Infrastructure and Systems of National Significance: Consultation Paper August 2020.

Cyber insurance offers businesses a financial mechanism to manage risk, while encouraging investment in cyber security

Insurance has traditionally been a central tool for businesses and individuals to manage risk. However, the digital economy has focused on managing cyber threats primarily using cyber security products and services.

This is changing as insurers are beginning to offer more protections specific to cyber security. Insurance allows the pricing of cyber risks, enabling businesses to compare the costs of cyber products to the cost of breaches and insurance. In this way, businesses can optimise their expenditure across cyber security and insurance.

Insurers are developing a price for cyber risk that allows businesses to transfer their risk. For example, CyberCube in the US prices risk by running specialised analytics on internal and external security data, historical losses and enterprise data. Established cyber insurer Allianz considers potential damages payable due to loss of customer data, the impact of business interruption and loss of reputation when pricing risk.

The two types of cyber insurers that are active in the market are:

a. large international insurers working with cyber risk experts (e.g., Chubb, Axa and Gallagher); and

b. specialist cyber insurance providers (e.g., IAG Firemark and Coalition).

Australia's cyber insurance market is only slowly gaining traction: most businesses have not yet recognised the role insurers play in protecting against cyber threats. Developing this market will require lifting awareness of the role of cyber insurance, and may need regulation to stimulate uptake.

Figure 17

Cyber insurance complements security products and services

Risk management combines protection and insurance

Figure 17

2.2 Capturing export opportunities

43 per cent of cyber security companies are already exporting, demonstrating a strong global outlook within the sector

The cross-border nature of cyber security underpins a global market for security solutions. Combined with expansive and complex supply chains, this means that the security problems that companies are solving are global in reach and have the potential to generate attractive revenue.

Crucially, focusing exclusively on local customers is not an effective growth strategy for cyber security companies. While local short-term success and sales are beneficial, it is widely acknowledged that while the scale of Australia's domestic market is sufficient for testing product and service concepts, it is not large enough to sustain companies that can compete with global cyber security providers on an ongoing basis. Startups - especially in software and hardware - must aspire to grow internationally to compete with global providers, even domestically. Cyber security's international environment of threats, providers and intellectual property together drive this requirement.

Around 43 per cent of organisations in the Australian cyber security sector are currently exporting their products and services overseas. This underscores Australia's strong cybertech capability and the ability to connect with global customers. Medium-sized companies with 51-200 employees are most likely to export, but small companies (5-19 employees) are making impressive headway in gaining traction internationally.

Figure 18

Percentage of providers exporting by size

Figure 18

Survey question: In the 2019-20 financial year, did you export any products and/or services?

Source: AustCyber's Digital Census 2020

Currently, leading cyber security economies such as Israel and the UK are generating six to 12 times the export revenues of Australia

Australian exports now account for 15 per cent of sector revenue, with 43 per cent of providers exporting, indicating that the sector has seen significant growth in exports over recent years. Expanding this export share will help to mature Australia's cyber security sector as revenues increase and companies become established, trusted providers globally.

Marketing Australia's key advantages will be critical to building export revenues. Two of the most marketable advantages include our international reputation for research excellence and our expertise as a trusted defence and security ally through the Five Eyes community. The reputation of Australian businesses as honest and reliable will see them act as trusted providers of products and services internationally.

Due to the global nature of the cyber security opportunity, the sector's ability to capture export opportunities and compete internationally are key to long-term success.

Figure 19

Cyber security export revenue for Israel, UK and Australia

US$, billions

Figure 19

Note: The figure for Israel is based on a 2018 industry report. The figures for Australia and the UK are for 2020.

Sources: AustCyber's Digital Census 2020; AlphaBeta analysis

Australia's current largest export markets are the US, UK and Singapore

Figure 20

Export destinations for Australian cyber security businesses

Percentage of exporters selling to market in 2019-20 (darker=more)

UK flag
UK
  • Primary market
  • Attracts 43 per cent of exporters
  • Defence and data security
Canada flag
Canada
  • Strong market, but requires development
  • Attracts 29 per cent of exporters, seven per cent cited among top three
  • Professional and financial services
USA flag
USA
  • Primary market
  • Home to large OT providers
  • High access to finance
  • Attracts 64 per cent of exporters, half cited among top three
  • Defence and high-tech; niche solutions
Japan flag
Japan
  • High potential
  • Attracts 21 per cent of exporters, two per cent cited among top three
  • Application and defence security
India flag
India
  • High potential
  • Attracts exporters, 9.5 per cent cited among top three
  • Baseline security needs including infrastructure and systems security
ASEAN flag
ASEAN
  • High potential
  • Signapore attracts 57 per cent of exporters, but Malaysia, Thailand, Indonesia and the Philippines attracted only 21-29 per cent. Signapore was a top market with 36 per cent, others scored 0-5 per cent.
  • Broad needs in infrastructure and platform security
NZ flag
NZ
  • Strong market
  • Attracts 38 per cent of exporters, 17 per cent cited among top three
  • Critical infrastructure, defence and data security

Survey question: What countries/regions does your organisation currently sell to/service?

Sources: AustCyber's Digital Census 2020, expert interviews

The US and UK should continue to be attractive export markets, with new opportunities in ASEAN, India and Japan

Close alignment between innovation cultures, in addition to clusters of venture capitalists and strong demand markets, have created an established pathway of international expansion to the US and UK for Australian cyber security startups.

Gaining initial success in these key markets can signal the way for broader international expansion, especially into emerging digital giants in Asia. Within these markets, the ASEAN, Japan and India will experience large technological transformation and high growth in demand from digital hungry consumers, and are currently under-serviced by Australian exporters. The recently negotiated Regional Comprehensive Economic Partnership, supporting a significant trading bloc in the Indo-Pacific, will further focus energies in these markets.

However, successfully capturing clients requires businesses to understand the cultural norms of doing business in each country. Partnering with local businesses to navigate the political and cultural landscape is a strong avenue for success. In the Indonesian market for example, almost all new entrants work with Indonesian partners. As such, partnership is a preferred export approach in many markets that have complex political, cultural and business landscapes.

Figure 21

Australia's export opportunities and barriers across target markets

Figure 21

Note: Specific products and services may require in-country delivery

Sources: Industry and expert interviews, AustCyber (2019), Cyber Security Opportunities in the ASEAN Region. AlphaBeta analysis

Australia's global competitive edge in products and services such as threat intelligence, cloud security and analytics remains under-exploited

The future export potential of Australian cyber products and services can be assessed according to:

  • the volume at which they are currently being exported; and
  • the opportunities for Australia to develop a global advantage.

Australia exports a relatively high volume of cyber security training, governance, penetration testing, and security for software as a service. Cyber security providers expect that Australia will continue being globally competitive in these areas. Australia should maintain its momentum and continue to offer high-quality products and services to an increasing number of customers and markets.

Products that are currently rated as being advantageous for Australia, but which we do not yet export on a scale that matches this potential include threat intelligence analytics, threat detection and response, security operations centres, cloud hosting, managed security service providers (MSSPs), cyber readiness assessment and cryptography. These products and services will likely be required by the financial services, mining, advanced manufacturing and healthcare sectors. Increasingly, our export focus towards these high-opportunity products and services presents the ability to match supply to new trends and customers in the future.

Figure 22

Australia's current exports and opportunities to develop a global advantage

Figure 22

Survey questions: Thinking about where Australia might focus its energies, in which areas do you think Australia has the most opportunity to become globally competitive? Of the products and/or services that you offer, what were the top three that you exported in FY2019-20?

Source: AustCyber's Digital Census 2020, expert interviews, AlphaBeta analysis

Australian cyber security innovator Detexian goes global to secure configurations for SaaS applications

Detexian enables small and medium enterprises to manage cyber risks affecting 'software as a service (SaaS)' applications such as Office 365, G Suite, Salesforce and Xero.

Founded in 2018, the organisation has established offices in Australia and San Diego, and is exporting to customers in the US, New Zealand, Singapore and Latin America.

Many of Detexian's customers are small and medium enterprises that provide solutions and services to regulated entities such as large banks, insurance companies and financial services companies. They are heavily reliant on cloud and SaaS technology and handle high volumes of sensitive financial and personal data. Detexian helps these businesses provide proof that security controls are in place at all times to protect their data and gain customer trust.

At the onset, Detexian relied on the word of mouth of their existing customers to win new ones. But the company was quick to leverage the power of digital marketing, social media and strategic alliances to scale its presence internationally.

"Our way to market is quite simple," said Co-Founder and CEO Tan Huynh. "We have a two-fold strategy to target companies through direct digital marketing and introductions from trusted partners. We've also been assisted by AustCyber and The Australian Trade and Investment Commission (Austrade) to connect and meet with potential customers and partners."

Detexian's current target export markets are Singapore, New Zealand and the West Coast of the US as there are no issues with timezone coordination, the regulatory environments are mature and business can be conducted 100% online.

In 2020, Detexian has invested significant time and resources studying the Singapore market. "It's ahead of our home market in terms of infosec regulatory compliance. SMEs constitute almost the entirety of Singapore enterprises, with over 80% having digital transformation strategies in place," said Mr Huynh. "When we began to target Singapore SMEs through direct digital marketing, we instantly experienced a high degree of interest. Then, through our networks with the help of Austrade, Detexian was introduced to a number of ecosystem partners and potential channels to explore commercial opportunities in Singapore and the wider Southeast Asian region."

The accelerated learnings have helped Detexian refine its business model to further minimise adoption barriers for both SMEs and their trusted partners such as IT consultants and MSPs who can help recommend Detexian solutions to their clients. Detexian is currently in discussions with a number of IT/security consultants and MSPs looking to expand their capabilities.

"In the wider Southeast Asian region, we are entering into strategic alliances with well-known companies with dominating positions in product verticals adjacent to Detexian. These companies are looking to progress in the value chain and jump start their offerings to provide more value-added technologies to their existing clients," said Mr Huynh.

Detexian

Australian cyber capability can lead by further integrating secure by design into existing value chains

With the expansion of global value chains and concurrent rise in the costs and severity of cyber attacks, Australia can play a leading role in providing secure by design solutions to domestic and international partners.

The current sales model for cyber security products and services predominantly targets end customers, rather than considering cyber security as a central component in the value creation process.

Integrating secure by design into global digital value chains in sectors such as defence is a proven way for Australian cyber businesses to access international buyers. Expanding global value chains in advanced manufacturing, mining and healthcare are examples of these new avenues for Australian cyber to offer security products and secure by design services in product development and across logistics, operations, marketing and service.

In the future, especially as more companies and industries adopt a secure by design approach to their own digital products and services, there will be opportunities for cyber providers to partner with companies across industries to help them develop products and services that are secure by design, rather than selling cyber security products and services directly to the company and their customers separately.

With new technologies, platforms, products and systems constantly in development, building expertise in secure by design principles will help position Australian cyber to lead into the future, both in global value chains where Australia is a key player and in industries where Australia has a strategic competitive advantage.

Figure 23

Protecting new digital value chains through secure by design

Case studies of global value chains, using example partner countries

Figure 23

Sources: Porter's Value Chain model, expert interviews, AlphaBeta analysis

Significant new technologies are being developed and tested in Australia, opening the door for cyber providers to create new security solutions

Groundbreaking new technologies - often described as 'deep tech' due to their reliance on major advancements across multiple fields - create new value chains that require secure by design security approaches.

Australia is involved in developing and testing new deep technologies, including drone delivery, smart remote monitoring, satellite tracking, quantum encryption and autonomous mining. Innovative companies including Wing, Flirtey, Taggle, Rio Tinto and Fortescue Metals Group (FMG) are pioneering world-first tests of new technology, bringing improvements to business and government, as well as increasing consumer satisfaction.

However, each of these new technologies poses new security risks and potential vulnerabilities, requiring close assessment and the involvement of cyber security professionals to ensure products are secure by design. Guaranteeing the security of these new technologies will be critical to their uptake and expansion.

Australian cyber security companies can move ahead of the rest of the world by working with innovators to ensure the security of novel technologies is built in from the beginning. Deep technologies and the ecosystems that support and secure them are critical to the future competitiveness and growth of the Australian economy and our national identity as a key global innovation player.

Figure 24

Protecting new digital value chains through secure by design

New technologies being developed in Australia

Figure 24

Sources: Cicada Innovations, Wing Aviation, Taggle.com.au, AlphaBeta analysis

  1. Department of Home Affairs (2020), Protecting Critical Infrastructure and Systems of National Significance Consultation Paper.
  2. McKinsey (2020), The COVID-19 recovery will be digital: A plan for the first 90 days.
  3. IT Brief (2020), Cyberattacks up 400% compared to pre-COVID-19 levels.
  4. Australian Cyber Security Centre (2020), ACSC Annual Cyber Threat Report July 2019 to June 2020, Figure 2: Cyber security incidents, by categorisation (1 July 2019 to 30 June 2020).
  5. Department of Home Affairs (2020), Protecting Critical Infrastructure and Systems of National Significance Consultation Paper.
  6. Israel Ministry of Foreign Affairs (2019), Israeli Cyber Industry Report - Main Findings (2013-2018).
  7. UK Government (2020), UK Cyber Security Sectoral Analysis 2020.
  8. CIO Applications (2020), Top 25 Cyber Security companies - 2020.
  9. UK Government (2020), UK Cyber Security Sectoral Analysis 2020