Cybersecurity and the Australian Federal Budget 2022
I looked for the cybersecurity line items in the budget so you don’t have to.
I commented in my corresponding post when last year’s budget was released that:
“This (2021) budget continues the historical trend of spending a significant amount on national security, which includes cybersecurity, but having most of the money directed towards the government’s own departments.”
Not only has the government continued the pattern this year, they have significantly increased the amount that is being channelled to the Australian Signals Directorate (ASD) in the name of national security and the heightened cyber threat landscape through REDSPICE. In more tangible terms, the ASD is expected to at least double in size and triple its offensive cyber capabilities.
I did also mention last year that:
“We cannot be cyber resilient as a nation without a stronger ecosystem, which includes businesses of all sizes, as well as a healthy amount of sovereign capability in the form of technology and solution providers.”
This has been somewhat addressed this year, but pales in comparison to the spend on our government’s own capabilities.
I should be fair and point out that roughly half of the amount dedicated to REDSPICE is supposedly going towards “opportunities for Australian industry, including small and medium Australian enterprises”.
The REDSPICE blueprint does mention this will include software, technology, and services. So, let’s hope this is appropriately balanced. In the past, this has been extremely heavily weighted toward professional services, which means a lot of sovereign innovation remained on the sidelines when it came to helping protect our national cyber interests.
Beyond the mountain of cash headed to ASD, $1.55 billion is going towards digital technology uptake and skills/training for businesses that have an annual turnover less than $50 million. From a technology startup standpoint, this is noteworthy. For example, Avertro falls into this category, so we should see some financial benefits as a result.
Curiously, they’ve capped the claimable amount on technology at $100,000 per year. For a company that makes $50 million per year, the cap amounts to a pitiful 0.2% of that number, which is much less than a company of that size will likely be spending on technology. Of course, for a much smaller business, the percentage is higher. In other words, this is mostly going to benefit smaller businesses. I’m not saying this is a bad thing. Just pointing out the facts.
There does not seem to be a cap on the skills and training spend, despite there only being half the amount budgeted compared to the $1 billion allocated to technology. I’m guessing the projections did not expect companies to spend nearly as much on skills and training when compared to digital technologies.
Two final notes on the $1.55 billion I just mentioned:
- Eligible spend incurred from now to the end of FY22 will only be claimable in FY23. i.e. next financial year.
- The amount allocated is not specific to cyber. In other words, based on previous spending patterns, very little of it will be incurred as a result of cybersecurity spend. That said, it’s better than nothing.
Here is a breakdown of the cybersecurity-related (including some relevant digital and STEM) items in the budget:
- $9.9 billion over 10 years to deliver a Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers (REDSPICE) package. This will significantly enhance the offensive and defensive cyber and intelligence capabilities of the ASD.
- $1 billion via the Technology Investment Boost to help businesses with aggregated annual turnover less than $50 million support digital uptake, up to $100,000 of expenditure per year, by deducting a bonus 20 per cent of the cost of business expenses and depreciating assets. It will support investment in digital items such as cloud computing, cybersecurity, accounting and e-invoicing software, portable payment devices, and web page design. This will apply to eligible expenditure incurred between 7:30pm (AEDT) on 29 March 2022 (Budget night) and 30 June 2023.
- $550 million via the Skills and Training Boost the help businesses with aggregated annual turnover less than $50 million, by deducting a bonus 20 per cent deduction for the cost of external training courses delivered to their employees by providers registered in Australia. This boost will apply to eligible expenditure incurred between Budget night and 30 June 2024.
- $30.2 million to extend the whole of government cyber hubs pilot, including the establishment of a fourth Cyber Hub Pilot in the Australian Taxation Office.
- $38.4 million over 3 years from 2022–23, and $12.6 million per year ongoing from 2025–26 to implement the Government’s response to the Inquiry into the Future Directions for the Consumer Data Right.
- $3.9 million over two years from 2022–23 to support more women into digitally skilled roles. In partnership with industry, this initiative will provide mentoring and coaching to facilitate a mid-career transition into the tech workforce.
- $2 million over four years to 2024–25 to fund the Superstars of STEM program, which is delivered by Science and Technology Australia to increase the visibility of women in STEM as role models and has supported 150 women to date.
- $2.3 million over two years to 2025–26 for the Women in STEM Ambassador program, through which Professor Lisa Harvey-Smith has reached 121,916 unique participants through 370 hours of public engagements and outreach.
- $2.4 million over four years to 2025–26 to fund the Future You awareness campaign, which provides an online platform that has reached 3.1 million children, parents and carers to raise awareness amongst children aged 8 to 12, as well as their parents and carers.
Ian Yip is the CEO of Avertro, a venture-backed cybersecurity software company. Avertro CyberHQ is a SaaS platform that helps leaders manage, measure, and report on their cybersecurity performance.