Cybersecurity and the Australian Federal Budget 2023

I looked for the cybersecurity line items in the budget so you don’t have to.

Initial thoughts

The budget documents deliberately call out that the government will be spending $101.6 million over the next five years (and $11.8 million per year ongoing) to support and uplift cybersecurity in Australia.

As I said in 2021 and 2022, we continue the trend of spending a significant amount on national security, which includes cybersecurity, but having most of the money directed towards the government’s own departments.

Having said that, they undersold how much they’re actually pouring into cyber, having carved online safety, scams, and privacy out of what they deem to be cybersecurity.

In essence, the Australian Government should actually claim to be spending over $500 million on cyber in this budget.

Spend

Here is a breakdown of the cyber-related items in the budget:

• $23.4 million over 3 years from 2023–24 to the Department of the Treasury for a small business cyber wardens program delivered by the Council of Small Business Organisations Australia, to support small businesses to build in-house capability to protect against cyber threats.
• $46.5 million over 4 years from 2023–24 (and $11.8 million per year ongoing) to establish the Coordinator for Cyber Security.
• $19.5 million in 2023–24 to continue work to improve the security of critical infrastructure assets and assist owners and operators to respond to significant cyber-attacks.
• $12.2 million in 2023–24 to sustain cyber resilience of Commonwealth entities currently serviced by the Cyber Hubs pilot program and to continue assessment and certification of service providers used by the Commonwealth entities to host data.
• $88.8 million over two years from 2023–24 to support the continued operation of the Consumer Data Right in the banking, energy and non-bank lending sectors, progress the design of action initiation and uplift cyber security.
• $134.1 million over 4 years (and $33.7 million per year ongoing, in addition to the existing base funding of $10.3 million per year ongoing) for the Office of the eSafety Commissioner to continue to support Australians online, including through enhanced educational, outreach and investigatory activities.
• $3.8 million in 2023–24 to the Australian Sports Foundation to enhance the organisation’s information technology network to address emerging cybersecurity risks.
• $58 million over 3 years from 2023–24 to establish the National Anti-Scam Centre within the Australian Competition and Consumer Commission to improve scam data sharing across government and the private sector and to establish public-private sector Fusion Cells to target specific scam issues.
• $17.6 million over 4 years from 2023–24 (and $4.4 million per year ongoing) for the Australian Securities and Investments Commission (ASIC) to identify and take down phishing websites and other websites which promote investment scams, to be cost recovered through levies under ASIC’s industry funding model.
• $10.9 million over 4 years from 2023–24 (and $2.2 million per year ongoing) to the Australian Communications and Media Authority and the Department of Infrastructure, Transport, Regional Development, Communications and the Arts to establish and enforce an SMS sender ID registry to impede scammers seeking to spoof industry and government brand names in message headers.
• $44.3 million over 4 years from 2023‐24 (and $8.4 million per year ongoing) for the Office of the Australian Information Commissioner to support a standalone Privacy Commissioner, progress investigations and enforcement action in response to privacy and data breaches, and enhance its data and analytics capability.
• $0.9 million over two years from 2023‐24 for the Attorney-General’s Department to progress the Government’s response to the recent review of the Privacy Act 1988 and to support a separate independent statutory review of Part IIIA of the Act, with costs associated with preparing the government response to the recent review to be met from within existing resources.
• $24.7 million for the Department of Finance and the Digital Transformation Agency (DTA) to maintain the current Digital ID system and design the policy and legislative foundations to transition to an economy-wide Digital ID ecosystem with an independent regulator.
• $1.1 million for the Office of the Australian Information Commissioner to provide ongoing privacy assurance for the Digital ID program.
• $1.1 million for the Australian Taxation Office for communications research associated with the myGovID brand.
• $36.9 million over 5 years from 2022–23 (and $2.0 million per year ongoing) for the Department of Education to optimise the Tertiary Collection of Student Information system to improve data quality, analytic support and the security of tertiary student loan records.

Ian Yip is the CEO of Avertro, a venture-backed cybersecurity software company. Avertro CyberHQ® is cyber leadership’s command centre for cybersecurity.