Skip to content Skip to footer

Loading Results

The New Equation to protect Australia’s critical infrastructure

As a critical infrastructure operator, Australia’s energy sector provides the essential service keeping our homes connected and economy turning. With a new cyber crime reported every eight minutes in Australia, one of the most serious threats to our lives are cyber crimes targeting our nation’s critical infrastructure operators.

A community of solvers delivering a critical infrastructure framework for cyber protection

With 69% of Australian executives expecting an increase in state-sponsored attacks on critical infrastructure1 the safeguarding of their organisation's assets is top of mind. Leading the way is the energy (electricity and gas) sector, where 150 CEOs came together with PwC’s community of solvers to help protect Australia’s critical infrastructure through The New Equation.

The result was the Australian Energy Sector Cybersecurity Framework (AESCSF), now used by 270 energy market participants. Designed and developed by the Australian Energy Market Operator (AEMO) with the support of PwC Australia and the Cyber Security Industry Working Group (CSIWG), the framework measures and reports cybersecurity maturity in the sector. Sparking support from across boards and government, the framework has opened discussion on the importance of cybersecurity and its continued investment in order to deliver sustained outcomes for clients, communities, and the country.

Even the smallest incident can have the biggest impact

Why is such a framework important for cyber protection?

Responsible for our nation’s essential services such as energy, water, health services, transport, and food - it’s estimated that within two years, 85% of Australian organisations will be considered ‘critical infrastructure’ in the cyber conversation.

As a critical infrastructure sector in focus, energy is a critical enabler in most growing supply chains with complexity increasing as the intricacies of business do the same. With this, a single cyber attack has the potential to deliver a domino effect across industries. In the case of the energy sector, even small scale attacks, if averted or only impacting operations for a day, are still significant when considering the sheer reach critical infrastructure holds across the country. As an example, an impact on electricity supply would cascade to critical infrastructure data centres. The flow on effect in such a situation adds further concern as employment is disrupted, consumer confidence eroded, trade and economic sectors impacted, and social problems exacerbated as issues such as panic buying occur, alongside anxieties concerning a lack of energy supply.

Human-led and tech-powered problem solving for the future

These impacts and issues were closely considered when PwC’s critical infrastructure and cybersecurity teams, plus local industry and international experts skilled in resolving critical infrastructure challenges, including experts from PwC Israel (recognised by many as global leaders in critical infrastructure security), came together with energy sector CEOs.  Interactive sessions were held in every state across Australia to engage the sector, while utilising digital services to facilitate seamless and secure collection of data from hundreds of market participants.

Led by people and powered by technology, participants were able to gain a deeper understanding of potential cyber problems by facing them in simulation, surfacing solutions that would strengthen operations in real life scenarios. As a critical component of preparedness, they were then able to understand how remote and highly-dispersed assets and facilities could be improved, through security enhancements.

Building, earning, and sharing trust for sustained outcomes tomorrow

With the trust instilled in PwC, the teams were able to come together and draw a consensus across diverse industry issues such as asset criticality, relevant standards and frameworks (both local and international), best practice use of security controls, and enhanced cybersecurity measures. Risk management programmes have also been developed to meet new standards and safeguard critical energy infrastructure against future threats.



Bringing together a global community of solvers, the insight of over 150 CEOs and stress-testing solutions under simulations. The ultimate outcome? Risk management programmes that meet new standards and safeguard our energy sector against future threats.


Solving complexity with confidence as a community of solvers

Costing the economy over $33 billion each year2 , those on the frontline of cyber attacks have seen annual cybersecurity spend increase by 500% in some instances, spending in the magnitude of $20 million to reduce their risk rating from catastrophic to medium. As governments seek to protect vital infrastructure so too does the regulation surrounding it, with many businesses struggling to keep up in this complex environment. This makes it hard for organisations to navigate what’s needed to stay protected, and vigilant against increasing vulnerabilities in their industries. For the critical infrastructure sector, risk management planning that takes an 'all hazards' approach is already business-as-usual, however, the risk management planning requirements of critical infrastructure legislation will require an approach informed by geo-politics and cyber threat actors which few companies have deep talent in.

As a community of solvers, PwC Australia provides the end-to-end expertise to navigate cyber complexity, and stay protected, even as threats continue to rise. The firm releases pressure on organisations to feel they need to stay on top of regulations and the management of multiple security standards. By empowering clients through industry collaboration, the team comes together in unexpected ways to surface unique solutions to important cyber problems. Building, earning, and sharing trust together, this collective approach, led by PwC Australia and supported through sectors, industries, organisations, and communities alike, is helping to build a more secure and resilient Australia. 

The cross section of talent in this approach means the solution can be shaped and scaled to meet the precise business need - no matter how big or small. For organisations with no or minimal cyber capability, full end-to-end services are provided, while those that are cyber-mature benefit from a bolstering of capabilities.

Leading by example to protect lives and livelihood

As a community of solvers, PwC Australia is proud to come together in unexpected ways to build trust for clients and communities, and deliver sustained outcomes for Australia’s critical infrastructure sector. Leading by example to protect the lives and livelihoods of all Australians, it’s solutions like the Australian Energy Sector Cybersecurity Framework (AESCSF) created by the Australian Energy Market Operator (AEMO) with the support of PwC and Cyber Security Industry Working Group (CSIWG), that are impacting, protecting and solving for a more secure and resilient society. 

It all adds up to The New Equation.

Find out how The New Equation can work for you

Reach out to start a conversation


Robert Di Pietro

Robert Di Pietro,
Partner, PwC Australia

Garry Bentlin

Garry Bentlin,
Partner, PwC Australia

Corinne Best

Corinne Best,
Trust and Risk Business Leader, PwC Australia

Zoe Thompson

Zoe Thompson,
Director, PwC Australia

Contact us

Lachy Haynes

Partner, Integrated Infrastructure, Environmental Transactions and Advisory, PwC Australia

Tel: +61 (3) 8603 0630

Guy Chandler

National Energy & Utilities Leader, PwC Australia

Tel: +61 439 345 045

Clare Pope

Global Legal ESG Lead, PwC Australia

Tel: +61 402 794 090