Australia’s path ahead may be challenging. With COVID-19 further accelerating business and government digital adoption and increasing cyber security risks, investment to uplift the country’s cyber resilience is more important than ever. Cyber is key to facilitating Australia’s economic recovery.
COVID-19 has created one of the most significant economic challenges on record, pushing Australia into its first recession for almost three decades. It has also accelerated digital adoption across all sectors of the economy, a transition that was already well underway as society became increasingly interconnected.
Every challenge brings opportunity. And, in this case, an increased need for effective and secure digitisation across government services, workplaces and education has elevated cyber security as a key platform for economic growth. To support this, public and private sector partnerships will need to be strengthened.
Cyber risks have been well understood for many years, including the need to address the risks with solutions beyond technology or IT-centric responses. But recent events have demonstrated the need for government and business to look at cyber risks through a broader lens. One that recognises that this is a “whole of society” issue, where we need to take coordinated and collective responsibility. Failure to do this will impact our ability to securely enable the workforce of the future and potentially threaten our economic recovery.
The Australian economy has always been a target for cyber criminals and, according to our 23rd CEO Survey report, Australia’s CEOs have been consistently more concerned about cyber security undermining growth than their global peers (a five-year average 83% of local CEOs, compared with 69% of global peers). Increased digitisation and remote working arrangements through COVID-19 has amplified this, and there is now an increased focus on cyber security. There’s a new sense of urgency to build confidence and trust in critical services and protect Australia from the threat of a cyber attack.
The upcoming Federal Budget presents a timely opportunity to implement the initiatives set out in Australia’s Cyber Security Strategy 2020 and ensure we have the right priorities in place to uplift security and resilience, and drive sustainable change.
A common question is ‘How much is enough to protect against a cyber attack?’ and the reality is – it’s never enough and the problem can’t be solved by one group alone. The government is, however, uniquely placed to solve this problem by encouraging and driving increased partnership between the public and private sectors.
The pandemic is the opportunity needed to speed up the shift to centralised cyber services and information sharing to strengthen passive and active defence and innovation in the sector. By creating central hubs and encouraging collaboration to pool on specialist skills, more can be done and better services can be delivered.
Holding Australia back from being competitive internationally is both the degree to which organisations differ in their cyber capabilities and the under investment in cyber in recent years. Cyber attacks are now leveraging one organisation’s security weakness to gain entry into another. So it’s imperative that the government works to both uplift its own capability and maturity (nationally and across states), as well as establish a baseline of security for the private sector.
The challenge ahead will be how to encourage private sector investment. To achieve this, a mindset shift is required. Corporate Australia will need to expand its understanding of cyber from an investment for protecting themselves towards being an investment into the ecosystem that creates a competitive advantage for Australia.
It’s a positive step forward to see that the Australian Cyber Security Strategy 2020 includes $26.5 million to be invested in a Cyber Skills Partnerships Innovation Fund. It will go a long way to encouraging business and academia to partner together and find ways to improve cyber security skills. The investment will also help to combat the huge gap between supply and demand for cyber security professionals. The gap is currently estimated to be 3.5 million open roles globally with more than 17,000 needed in Australia by 2026*.
In recent years, the supply shortage has been somewhat managed by an influx of skilled cyber security resources from places like India. However, the current COVID-19 environment and the shutdown of international borders has created a form of ‘hunger games’ for cyber security professionals in Australia, and we are seeing salaries skyrocket. This current scenario is unsustainable and could do more harm than good if untrained resources are substituted to fill the gaps in capability.
The strategy outlines avenues for scholarships, apprenticeships, internships and many other forms of incentives for Australian businesses to build their own workforce. With the current unemployment rate being as high as it is due to the pandemic, there’s a unique opportunity to cross skill people from adjacent capabilities, such as project management, criminology, transformation or other disciplines and make them highly effective cyber security professionals. Our article A country-led recovery that’s built on the future of work explores why now is the time to rethink the investments that are needed and the role of government to make this happen.
With a shortage in cyber talent, organisations should also consider investing in capability that removes the reliance on human capital. Investments in creating artificial intelligence solutions can remove some exposure to the global skills shortfall. Investment in the right technology also enables them to better use their specialist resources for higher-end tasks.
A hallmark of 2020 has been new opportunities to digitise the delivery of government services. But with increased digitisation comes a change in the trust dynamic between the government and its citizens.
To build confidence in critical citizen services, the government must operate from a position of trust by protecting the critical infrastructure and human services that everyday citizens rely on to live, work and study.
Enabling citizen security also has a role to play in helping make Australia an even harder target for cyber criminals. Falling within the government’s social responsibility should be the empowerment of its citizens and residents to protect their own businesses, their homes and their information. People need to be thinking about security in all aspects of their lives and cyber must be seen as a new life skill.
Australia needs a recovery that’s built on growing confidence in critical citizen services, creating an environment for the public sector and industry to better collaborate, and upskilling a security conscious workforce in specialist and non-specialist roles.
In the Federal Budget, we look forward to seeing the Government build momentum on some of the good work that is underway for cyber. Subscribe for our in-depth analysis of the 2020-21 Federal Budget.
Australian Government, ‘Australia’s Cyber Security Strategy 2020’, August 2020, available at https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf
Partner, Digital Identity, PwC Australia
Tel: +61 3 8603 6866
Partner, Melbourne, PwC Australia
Tel: +61 436 444 949