Executive Summary

The cyber security sector is flourishing in Australia: growth is strong, a vibrant cohort of young cyber security technology and service providers has emerged and the workforce is expanding.

Australia’s cyber security sector is growing rapidly. Between 2017 and 2020, sector revenue has grown by A$800 million to A$3.6 billion across approximately 350 technology and service providers, who are supported by about 26,500 workers.

The average cyber security provider is young, small and active across the country. On average, they are 8.5 years old, and about 40 per cent are younger than five years. Their youth means that most of these providers employ relatively less workers: 88 per cent have fewer than 100 employees.

The COVID-19 pandemic has had short- and long-term economic effects on Australia’s cyber security providers.

A few months after the start of the pandemic, surveys showed that, on average, providers with fewer than 20 employees had experienced a decline in revenue, while the revenue of larger providers was steady or had grown since it began.

Significantly, the pandemic has accelerated digitisation trends, which in turn drives demand for cyber security solutions and skills. It has also revealed the extent to which our national wellbeing relies on a range of industries that have not traditionally been recognised as digitised industries that require robust protection.

Australia’s economy is digitising and the cyber security sector must be capable of meeting its protection needs.

Digitisation drives productivity gains and is at the centre of Australia’s future economic prospects. Cyber security is a foundational enabler of digitisation: it builds digital trust and gives businesses and consumers the confidence to transact online, adopt new technologies and create new markets and commercial opportunities. This is apparent in a few recent examples such as the widespread adoption of cloud services and remote working tools and the ubiquity of e-commerce in modern retail trade. The next wave of technologies, such as the Internet of Things (IoT), sophisticated remote operations technology, quantum and artificial intelligence (AI), will further transform the economy.

The Australian cyber security sector will need to continue to mature and develop to secure increasingly complex digital value chains. This does not mean that only local suppliers should provide comprehensive protection to Australian businesses. Rather, our cyber security sector should be capable of coordinating and adapting a range of solutions from around the world to meet national needs.

Australia’s cyber security sector should also become a global leader in the utlisation of secure by design principles, where the application of security guides the development of new digital technology and the roll-out of new value chains. Australia is well placed to do this, especially in industries where we have competitive strategic advantage.

The sector is well placed for further growth and success as it continues to tackle familiar challenges relating to innovation, market maturity, investment and skills.

The maturity and competitiveness of the Australian cyber security sector is vital for future Australian prosperity. To achieve this, familiar challenges need to be addressed. New providers with quality offerings need to be supported, funded, connected to the market, and supplied with the skilled workers they need to succeed.

Governments, cyber security sector leaders, educators and investors all have crucial roles to play as the sector matures. Already, a host of effective sector development activities and initiatives have yielded success, including regulatory reform emerging from the Australian Government’s Cyber Security Strategy 2020. The result is that Australia’s cyber security innovation environment continues to mature, more customers are looking to buy from Australian cyber security providers, and a sophisticated skills training architecture has been developed.

In a digitising economy, cyber security is an essential economic enabler that mitigates threats and builds trust

The new economy is a digital economy. As we enter the third decade of the 21st century, digital technology is expanding beyond a handful of industries and becoming central to the whole economy. Digitisation brings a host of benefits: improved productivity, access to more markets, and the development of new products that solve old problems, to name just a few. But as digital tools proliferate, they offer more targets for malicious actors who have increasingly powerful and lucrative techniques.

Malicious cyber activity ranges from straightforward online fraud – such as scams using email, websites or chat rooms – to sophisticated cyber espionage and even catastrophic disruption of vital infrastructure, such as phone lines or power grids. Cybercrime doesn’t just harm an organisation’s business and reputation, it can also compromise a nation’s security, stability and prosperity. The number of incidents of cybercrime has spiked in recent years, as perpetrators aggressively exploit flaws in digital infrastructure.

Cyber security, and its relationship with privacy and safety, is therefore a front-of-mind concern for business leaders, regulators and politicians who are anxious to shore up defences against adversaries who are devising new ways to exploit vulnerable systems and networks. The growing security needs of organisations are expected to underpin the rapid evolution of the global cyber security sector. Between 2017 and 2020, global spending on cyber security grew from US$113 billion to US$147 billion.

Source: Gartner (2020), Forecast: Information Security and Risk Management, Worldwide, 2018–2024, 2Q20 Update. Available at: https://www.gartner.com/en/documents/3988093/forecast-information-security-and-riskmanagement- worldw


In 2020, AustCyber conducted a sector-wide Digital Census of Australia’s cyber security sector. The responses captured by this survey have enabled AustCyber to present more detailed insights into the sector than ever before. The Update was also informed by extensive consultation with governments, the private sector and the research community in Australia and internationally. AustCyber gratefully acknowledges and thanks all who contributed.

  • AARNet
  • Accenture
  • Amazon
  • AUCloud
  • Austrade
  • BHP
  • Bugcrowd
  • CISO Lens
  • Cyber Aware
  • CyberCX
  • CyCube
  • Cynch Security
  • CyRise
  • Deloitte Australia
  • Department of Home Affairs
  • Dtex Systems
  • EY Australia
  • Government of South Australia
  • IAG
  • IBM Australia
  • Penten
  • PwC Australia
  • Splunk
  • Telstra
  • Trustwave
  • University of Queensland
  • Westpac

AustCyber also acknowledges Bugcrowd, Cloud one – Conformity, CyberCX, Cydarm Technologies, Cynch Security, Detexian, elttam, FifthDomain, Kasada, truuth, Penten, Retrospect Labs, Secure Code Warrior and the University of Adelaide for their contributions to the case studies.