30 November 2022

Australia A$7 billion cyber security opportunity

very 7 minutes, a cybercrime is reported in Australia. The number and sophistication of these threats have increased in recent years. In the 2021–22 financial year alone, 76,000 cybercrimes were reported in Australia. This is a 13% increase from the previous year. (Source: Australian Cyber Security Centre (ACSC), Annual Cyber Threat Report, July 2021–June 2022, November 2022).


Australia is ranked the world’s fifth most powerful cyber nation (Source: Belfer Center for Science and International Affairs, National Cyber Power Index Report 2022, November 2022). But recent high-profile cyber attacks have highlighted the need to increase the cyber maturity of businesses that collect Australians’ sensitive data.

This creates significant opportunities for cyber security providers to offer new solutions. Australia offers investors a range of benefits, including:

  • high demand for cyber products and services
  • a federal regulatory framework that is driving cyber market growth
  • access to incentives
  • a rich pool of talent
  • proximity to Asian cyber markets
  • a strong research ecosystem and future-facing innovation advantages.
Digital security and private data access by using digital fingerprint scanner concept

Rising demand for cyber security creates investment opportunities

The Australian cyber market contributes A$2.4 billion to GDP. Australians spent A$5.6 billion on cyber security products and services in 2020 (Source: AustCyber, Australia’s Cyber Security Sector Competitiveness Plan 2022).

Spending is expected to rise in light of rising cyber attacks. We are ranked ninth in the world for cyber revenue generation, projected to grow to over $7 billion by 2027 (Statista). Our cyber market has the potential to generate A$800 million more annually by 2026 (Source: AustCyber, Australia’s Cyber Security Sector Competitiveness Plan 2022). Most Australian companies (60%) will increase cyber budgets in 2023 (Source: PwC’s 2022 Global Digital Trust Insights Survey September 2022).

A regulatory framework that supports cyber investment

Australia’s supportive regulatory framework makes us an attractive market to develop and deploy cyber solutions in proximity to large customers. The federal regulatory framework drives cyber market growth by addressing risk management and consumer privacy objectives.  

The Australian Government has legislated positive cyber security obligations for businesses deemed ‘critical infrastructure’, across 11 industries. The obligations require over 2,000 businesses to develop a risk management program to address cyber security. Recent high-profile cyber breaches have also led to increased penalties for businesses that do not sufficiently protect customer data.

These obligations will drive cyber uplift among key businesses in the economy.

Incentives to support innovation

Innovation is a key element of the local cyber ecosystem. Australia has future-facing strengths in cyber, including in quantum, space and remote operations. 

The Australian Government provides programs and incentives to support cyber innovation. They include:

  • R&D Tax Incentive: a refundable tax offset for companies to support investment in innovative R&D. According to Deloitte, Australia’s R&D Tax Incentive is globally competitive for loss-making cyber startups with aggregate revenue under A$20 million.
  • REDSPICE program: A$5 billion for industry under a program that aims to triple the Australian Signals Directorate’s cyber security capability and double its cyber hunt activities.
  • Cyber Security Skills Partnership Innovation Fund: A$70 million to upskill and diversify staff in cyber security.
  • Australian Defence Force Cyber Gap Program: A$41 million program offering financial support, mentoring and defence work experience opportunities for cyber students.
  • State-based incentives: Selected states offer payroll tax relief and employment subsidies to support employment in cyber. Austrade can help investors find the most appropriate visas for their needs.

Access to Australia’s rich talent pool

Australia is an ideal place to grow a cyber specialist workforce. Australia’s cyber security talent is comparable in scale to competitive cities. Talent is also cost-effective, thanks to industry and government co-investment in cyber skills development.

Australia is ranked first in the OECD for its capacity to attract and retain highly educated workers. We have a large pool of cyber security professionals, offering:

  • Up to 67,000 skilled workers in computer, information and network security
  • Over 3,300 Certified Information Systems Security Professionals, behind China and Japan, and on par with India as the third highest in the Asia-Pacific region
  • Up to A$3 million to fund industry and education providers that help develop a skilled cyber security workforce.

We also offer research partnership opportunities for investors seeking to capitalise on our strong track record of innovation, including across the space and quantum fields. Australia is ranked fourth in the world for research impact in cyber security technologies.

A launchpad to Asian markets

Australia is ideally placed as a launchpad to Asian cyber markets. We are a leader in the Asian time zone for foreign direct investment (FDI). Setting up here also provides time zone benefits for global companies maintaining a 24-hour cyber security footprint. Australia also has strong geopolitical alliances, boosting our global cyber capability.  

Investing in Australian cyber security

Over the last 5 years, Australia has been the second largest and most attractive market in the region for FDI in cyber security (Source: FDi markets). In this period, we attracted 35% of investment funds in cyber security in Asia (excluding China). This included venture capital and M&A investment. In this way, Australian-headquartered cyber companies secured greater investment than those in Singapore, South Korea, Japan and India (Source: Pitchbook analysis).

Many businesses from across the world have chosen Australia to invest in cyber security. This includes San Francisco-based Arkose Labs, which has conducted R&D for global clients from its Brisbane office. Arkose Labs provides a fraud and abuse prevention platform used by PayPal, Microsoft and Hong Kong Express. Arkose Labs has been involved with Austrade through a number of programs, including the RSA Conference Cyber Security Mission in 2017 and 2018.

Earlier this year, MITRE announced the launch of its first international applied research centre in Adelaide. MITRE is a not-for-profit organisation and trusted partner of the US Government for applied research in national security matters. The new MITRE Centre for Information Integrity & Defence will enable Australia to tap into decades of applied research to advance Australia’s sovereign capabilities. This further cements Australia as a prime location for space, defence and cyber security in the Asia-Pacific region. The centre will be operational by the end of 2022.

Related news