Secure opportunites

20 April 2017

A new strategy paper points to a bright future for the Australian cyber security sector.

The Cyber Security Sector Competitiveness Plan was released by the Australian Cyber Security Growth Network, one of six industry-led centres established under the Australian Goverment's $250 million Growth Centres Initiative.

The plan, which builds on the Government's Cyber Security Strategy from April last year, presents a review of a global market that is estimated to increase in worth from currently US$126 billion to more than US$250 billion by 2020.

And as malicious cyber activities , such as online fraud and cyber espionage, are on the rise, they are set to deliver significant economic opportunities for innovators in Australia. According to the plan, "this is true even though the domestic cyber security sector is still in its infancy and the Australian market has so far been dominated by foreign players."

Australia may even develop into a "global security powerhouse", a positive outlook that refers to our innovative capacity in areas such as quantum computation and the UNSW-led development of a secure third-generation microkernel architecture.

Over the next decade revenues generated by the Australian sector are estimated to increase from currently $2 billion to $6 billion, which is driven by several global trends:

Criminals become more sophisticated while firms are more exposed to cyber risk through their activities on the net.

At the same time, companies become more aware of potential risks, and  governments increasingly regulate cyber risks.

The current annual investment of Australian organisations in cyber security products totals around $3.5 billion, and is expected to grow by 7.5% each year over the next decade.

Most of this demand is met by foreign providers. As is pointed out in the plan,  there is not a single local firm among the 15 largest software providers by value in the Australian cyber security market, while the combined market share of Australian firms developing software is less than 5%. And the situation is similar with hardware providers.

Yet there are areas where Australian firms have been successful, in both domestic and international markets.

Australian firm Nuix, is an example for a firm developing cyber security software. Its products help clean up unknown, messy and risky data that's hidden in dark corners of corporate networks.

Its software sifts through terabytes of large and complex files at high speed, and is employed by organisations such as the United Nations, the U.S. Secret Service, Interpol and the Department of Defence.

Nuix was also the platform chosen by the International Consortium of Investigative Journalists to analyse the files in the Panama Papers.

Looking forward, the plan's key recommendation is that the  Australia's sector is limiting its focus on a few market segments where it has already comparative strengths. They are:

  1. software products, such as in cryptography and data analytics;
  2. services that improve security of basic IT and network infrastructure - Australia has already strong capacity in this area including firms such as the email and cloud security services from Mailguard; and
  3. services that focus on underlying processes including cyber security strategies, risk and compliance policies, employee training, and measures to raise the general awareness of cyber security risks within organisations.

But while the Growth Network's plan canvasses a generally positive outlook for Australia's cyber security industry, it also details some challenges faced by Australian cyber security businesses:

Australia's public funding for cyber security R&D is scattered, and there is limited collaboration between research and the private sector. The business landscape is dominated by smaller businesses and startups that often lack capacity to win contracts with large industry or government customers.

The sector also has to deal with a serious skills shortage while requiring at least 11,000 additional workers over the next decade.

To overcome these challenges, the plan calls for a new policy focus on growing cyber security education, and training institutions into dynamic, enterprising and export-oriented players (for details on specific recommendations see the report).

More information: