KPMG responds to the release of the Government’s 2020 Cyber Security Strategy

Lead Partner, Cyber in Government

One in three adults have been affected by cybercrime, and estimates are the cost of cybercrime could be as much as $29 billion per year in Australia alone.

Today’s announcement of the release of Australia’s 2020 Cyber Security Strategy follows a ‘call for views’ last year, and the release of the Industry Advisory Panel report last month.

The creation of the Joint Cyber Security Centres within Australian states following the 2016 strategy was a welcome move, and further investment into these capabilities will go some way to further explain the cybersecurity threat we face, and what we can do about it.

For years, we have heard so much more about cyber hacks and incidents than proactive cybersecurity protection strategies. The shift to be more active on addressing cyber security announced today is positive and business and personal focus should shift to be more proactive.

The strategy announces a $1.67 billion investment over ten years, the largest ever financial commitment to cyber security in Australia recognising the importance of the internet for our prosperity but also the challenge of the ubiquitous nature of threats from cyber criminals.

A key focus for the future will be improved security by design, more ability for government to help business and an increased focus on national critical infrastructure. Another is making our National Critical Infrastructure more resilient. There will be a pooling of resources within government into “Secure Government Hubs” to reduce the number of networks hostile actors can target. $90m will be invested in growing Australia’s cyber skills.

The spectrum of cybersecurity offerings ranges from architecture, design, engineering, build, operations, support and compliance checking. This range of skills is not dissimilar to the house building process; sequential and monitored at each step. However, it’s fair to say cybersecurity experts are used far too late in the build of commercial and government systems, often as an afterthought to achieve a compliance tick. Security “bolt-ons” are applied to attempt to shore up gaps in security.

Hopefully, we’ll see increased use of cybersecurity professionals earlier in the lifecycle of projects, to build security into designs.

Given the importance of the cyber domain especially during COVID-19, we hope to see early realisation of the promises to share threat information, “situational awareness”, improved education, preparation for cyber incidents, and cyber protection approaches for individuals, businesses and government.