Cybersecurity and the Australian Federal Budget 2024

I looked for the cybersecurity line items in the budget so you don’t have to.

Initial Thoughts

True to the behaviour we’ve seen in 2021, 2022, and 2023, the Australian government is spending all its cybersecurity-related dollars on itself.

Having said that, it seems they have at least thought about how to focus dollars on protecting the average citizen:

1. The agencies that have been given the most money are the ones responsible for systems that hold a lot of key citizen information.
2. A significant amount is being spent on expanding Australia’s Digital ID capability.
3. Key regulators that enforce cybersecurity across industries have been given a significant amount of money to improve their own cyber resilience.

Spend

Here is a breakdown of the cyber-related items in the budget:

• $1.8 billion will be provided to Services Australia to support the delivery of customer and payment services. This includes funding for frontline and service delivery staff to manage claims, respond to natural disasters and improve the cyber security environment.
• $314.1 million over two years to significantly strengthen safety and security at Services Australia centres.
• $288.1 million is being committed to support the further delivery and expansion of Australia’s Digital ID System so more Australians can realise the economic, security and privacy benefits of Digital ID.
• $206.4 million over four years from 2024–25 (and $7.2 million per year ongoing) to improve the data capability and cyber security of the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) and to continue the stabilisation of business registers and modernisation of legacy systems.
• $187.4 million is being provided to the Australian Taxation Office (ATO) to better protect taxpayer data and Commonwealth revenue against fraudulent attacks on the tax and superannuation systems. Funding will upgrade the ATO’s information and communications technologies and increase their fraud prevention capabilities. This will ensure the ATO has dedicated resources to manage increasing risk, prevent revenue loss, and support victims of fraud and cyber crime.
• $160.7 million over four years from 2024–25 (and $24.6 million per year ongoing) to upgrade the NDIS Quality and Safeguards Commission’s information technology systems, to better protect the safety of NDIS participants, reduce regulatory burden on NDIS providers, and improve cyber security.
• $50 million to Services Australia to improve the usability, safety and security of the myGov platform and ensure Services Australia can support people to protect their information and privacy.
• $39.9 million over five years from 2023–24 for the development of policies and capability to support the adoption and use of artificial intelligence (AI) technology in a safe and responsible manner, including 2.6 million over three years from 2024–25 to respond to and mitigate against national security risks related to AI.
• $37.3 million over four years from 2024–25 (and $8.6 million per year ongoing) for the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC) and the Australian Communications and Media Authority (ACMA) to administer and enforce mandatory industry codes for regulated businesses to address scams on their platforms and services, initially targeting telecommunications, banks and digital platforms services relating to social media, paid search engine advertising and direct messaging.
• $23.3 million over four years from 2024–25 for the Australian Taxation Office to continue to oversee and operate the secure eInvoicing network.
• $12.8 million over four years from 2024–25 (and $2.3 million per year ongoing) to the Department of Parliamentary Services to enhance information technology to support business productivity and cyber security.
• $8.4 million to the Department of Veterans’ Affairs (DVA) to improve case management and protect against cyber risk.
• $8.0 million over three years from 2024–25 to support the Australian Sports Foundation to complete technology upgrades, including enhancement of cyber security for the fundraising platform.
• $6.3 million in 2024–25 for the ACCC to improve public awareness of scams and help the public to identify, avoid and report scams.
• $5.6 million in 2024–25 to the Office of the Australian Information Commissioner to provide privacy oversight under the Digital ID legislation.
• $3.5 million over two years from 2024–25 to the Australian Security Intelligence Organisation to provide security assessments of entities seeking accreditation or participation in the Australian Government Digital ID System.
• $1.6 million over two years from 2024–25 for the Treasury to develop and legislate the overarching Scams Code Framework.

Ian Yip is the founder and CEO of Avertro, a venture-backed cybersecurity software company.