Co-ordinated leadership and action is needed to steer Australia’s fast-growing cybersecurity industry, according to a new report.

Cybersecurity revenue rose 10% to more than $6 billion last year, and a record $348 million was raised by cyber start-ups, the Australian Cyber Network says.

Some 137,453 people work in cyber, and that is forecast to grow by 41% by 2029.

“Australia’s cybersecurity sector is growing fast, but we’re flying blind without a cohesive national view, visible leadership and deeper engagement with the actual experts in the room,” network chair Jason Murrell said.  

“We’ve got the capability. We’ve got the people. What we now need is action, co-ordination and leadership.”

Australia ranked fourth worldwide for the number of attacks on critical infrastructure last year, and 69% of businesses were hit by ransomware.

There were 47 million data breaches, making Australia the 11th most affected country.

The network’s report identifies a lack of sustained investment in sovereign cybersecurity research and development, affecting Australia’s ability to innovate and remain competitive.

Industry leaders believe government procurement policies should prioritise Australian-developed tools, to reduce reliance on foreign technologies, it says.

Cybersecurity messaging is not reaching key groups such as small businesses and older people, leading to low engagement and inaction, according to the report. High-profile data breaches have desensitised the public, creating a “false perception that cyberattacks are unavoidable”.  

The report notes it has been more than a year since the federal government launched its “ambitious” strategy to make Australia the most cybersecure nation by 2030.

“We are 15 months in ... and left wondering what progress has been made against the action plan and whether the government met its own first-year milestones.”  

Advisory group the Executive Cyber Council has been “a significant low point”, the report says, with “the voices of the professionals who deal with cyber threats daily ... largely excluded from strategic decision-making.

“The [cyber council] has instead been dominated by representatives from large corporations and government-aligned stakeholders ... The absence of subject matter experts, such as cybersecurity founders or those from specific cyber disciplines from the cybersecurity industry, raises serious concerns.”

The report says that without more transparency and better communication, “this approach risks undermining the effectiveness of Australia’s cybersecurity strategy, alienating industry stakeholders and failing to seek broader views from the coalface on delivering solutions”.

The network has called for detailed progress reports outlining what has been achieved each year, a funding breakdown, clear metrics to measure success, and more direct engagement with businesses and cybersecurity professionals.

“The government cannot claim to be making Australia cybersecure while keeping progress reports behind closed doors.”  

Download the report here.