Australia - Country Commercial Guide
Cybersecurity
Last published date:

Overview

The Australian Information and Communications Technology (ICT) market is valued at approximately US$112 billion. The information technology (IT) services industry accounts for approximately one third of the total IT market and is valued at nearly US$23.5 billion. The Australian ICT market is mature with many multinational technology companies active in the local market.

According to a recent report release by Causticizer, the Australian cybersecurity market was valued at US$5 billion in 2022 and will grow to US$5.8 billion by 2024. The local cyber market is growing at over 8% annually. Much of the growth can be attributed to emerging digital threats, increased exposure to cyber risk, corporate reaction to increased regulation of cyber risk, and business’ evolution to consolidate a digital business strategy. A recent report by the Australian Cyber Security Growth Network entitled Cyber Security Sector Competitiveness Plan suggests that over the next decade, the Australian cyber market has the potential to triple in size.

The Australian government has identified cyber security as one of the six industry sectors considered vital for the long-term prospects of the Australian economy. According to the International Telecommunications Union Cyber Index, Australia ranks as the world’s seventh most committed cyber security country. Australia’s cyber maturity is the second highest in the Indo-Pacific.

There is strong demand in Australia for cyber security services as many public and private companies lack the internal expertise to adequately and comprehensively secure their IT assets. This trend will grow over the next decade as companies will place an even greater reliance on outsourced security vendors to provide digital security solutions on their behalf.

American and Israeli companies make up the majority of the import market for IT security solutions (and the majority of the whole market). 60% of all imported solutions are of US origin and approximately 20% originate from Israel.  US companies are widely recognized as providing industry leading solutions and are well respected in the local market. In addition, Australian and American defense forces have a very strong working relationship, and if a product is approved for use with the U.S. military, the approval process for adoption by Australian counterparts is typically much simpler.

As much of the demand for cyber products and solutions is supplied by foreign vendors, it is no surprise that Australian companies do not feature in the list of the top 15 security software vendors in the local market. Australian companies only feature in a significant way in the supply of services and acting as channel partners for overseas vendors to supply specific and niche security service expertise. AustCyber suggests that one quarter of the revenue generated in the Australian cyber market is attributable to small-to-medium sized enterprises (SMEs).

As the following table shows, of the US$5 billion total local spending on cyber security products and solutions in 2022, US$2.4 billion is derived from imports from companies that don’t have a core team in Australia, US$2.9 billion is a combination of local companies and from local subsidiaries of foreign vendors and about US$470 million in solutions and services is exported out of Australia.

Cybersecurity Market Size, million USD

Table: Cybersecurity Market Size, million USD
 2020202120222023 (Estimated)
Total Local Production2,8002,9502,9802,980
Total Exports470470470470
Total Imports19002,0602,4002,790
Imports from the US1,0301,0501,9081,990
Total Market Size4,2304,54055.3

(Total market size = (total local production + imports) - exports)

Unit: US$ Millions

In the end-user market, the federal government – including healthcare, social care, education, and defense – is the largest market for cyber sales, accounting for over 30 percent of all cyber security sales. In the corporate market, financial service firms – ANZ, NAB, CBA, Westpac, AMP, amongst others – are the largest users of cyber products. It appears that they spend more on average than most other financial institutions on a global scale. According to a recent report by industry group IDC, the cyber spend by Australian government agencies, and telecommunications, education, professional services, and transportation companies, is also greater than their counterparts in other countries.

Australian Government’s Cyber Security Posture

The Australian government’s cyber security capabilities are housed under the umbrella of the Australian Cyber Security Centre (ACSC). The ACSC works with government and business to reduce the cyber security risk to Australian government networks, and networks of national interests. It also acts to enable a more comprehensive understanding of cyber threats and sharing information to both government and private sector alike.

The ACSC houses the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team (CERT) Australia, the Defence Intelligence Organisation (DIO), the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP), and the Australian Security Intelligence Organisation (ASIO).

In April 2021, the federal government released Australia’s International Cyber and Critical Technology Engagement Strategy, seeking to guide Australia’s whole-of-government international engagement across the spectrum of cyber and critical technology issues. The definition of critical technologies includes cyberspace, artificial intelligence (AI), 5G, Internet of Things (IoT), quantum technology, and synthetic biology.

Leading Sub-Sectors

Mobile device penetration is very high in Australia and banks are spending significant amounts of money to enable mobile banking applications. As such, the demand for mobile security solutions such as threat detection, end-point penetration, and authentication tools will be strong over the next few years. The rise of the IoT will ensure that end-point security will also be critical. The increase in compliance and regulation around data security will mean that reporting and compliance tools will also be in strong demand.

Opportunities

Overall, the market for cyber services will remain strong over the next decade as Australian companies outsource the supply of security solutions.  Much of the desire to outsource is driven by a labor shortage of cyber professionals in Australia. It’s expected that we will see increased demand for machine learning and AI solutions in the local market.

Thanks to the Australia-U.S. Free Trade Agreement, there are no tariffs on the importation of software. A goods and service tax (GST) is levied on the landed value of goods imported into Australia. GST is also applicable to services that are carried out in Australia, but not on services that are carried out remotely.

Resources

Australian Information Industry Association

Australian Reseller News

CIO

MILCIS – Military Communication & Information Systems Conference (15-17 November 2022)

Australian Government Cyber Security Industry Advisory Committee