Australia - Country Commercial Guide
Cybersecurity

This is a best prospect industry sector for this country. Includes a market overview and trade data.

Last published date: 2021-08-16

Overview

The Australian Information and Communications Technology (ICT) market is valued at approximately US$ 112 billion. The information technology (IT) services industry accounts for approximately one third of the total IT market and is valued at nearly US$23.5 billion. The Australian ICT market is mature with many multinational technology companies active in the local market.

According to a recent report release by Causticizer, the Australian cybersecurity market was valued at US$4.3 billion in 2020 and will grow to US$5.8 billion by 2024. The local cyber market is growing at over 9% annually. Much of the growth can be attributed to emerging digital threats, increased exposure to cyber risk, corporate reaction to increased regulation of cyber risk, and business’ evolution to consolidate a digital business strategy. A recent report by the Australian Cyber Security Growth Network entitled Cyber Security Sector Competitiveness Plan suggests that over the next decade, the Australian cyber market has the potential to triple in size.

The Australian government has identified cyber security a one of the six industry sectors considered vital for the long-term prospects of the Australian economy. According to the International Telecommunications Union Cyber Index, Australia ranks the world’s seventh most committed cyber security country. Australia’s cyber maturity is the second highest in the Indo-Pacific.

Locally, there is strong demand for cyber security services as many public and private companies lack the internal expertise to adequately and comprehensively secure their IT assets. This trend will grow over the next decade as companies will place an even greater reliance on outsourced security vendors to provide digital security solutions on their behalf.

American and Israeli companies make up the majority of the import market for IT security solutions (and the majority of the whole market). 60% of all imported solutions are of US origin and approximately 20% originates from Israel.  US companies are widely recognized as providing industry leading solutions and are well respected in the local market. In addition, Australian and American defense forces have a very strong working relationship, and if a product is approved for use with the U.S. military, typically the approval process for adoption by Australian counterparts is much simpler.

As much of the demand for cyber products and solutions is supplied by foreign vendors, it is no surprise that Australian companies do not feature in the list of the top 15 security software vendors in the local market. Australian companies only feature in a significant way in the supply of services and acting as channel partners for overseas vendors to supply specific and niche security service expertise. AustCyber suggests that one quarter of the revenue generated in the Australian cyber market is attributable to small-to-medium sized enterprises (SMEs).

As the following table shows, of the US$4.3 billion total local spending on cyber security products and solutions in 2020, US$1.9 billion is derived from imports from companies that don’t have a core team in Australia, US$2.8 billion is a combination of local companies and from local subsidiaries of foreign vendors and about US$235 million in solutions and services is exported out of Australia.

Cybersecurity Trade Data 201802021

 

2018

2019

2020

2021 (Estimated)

Total Local Production

2,000

2,300

2,400

2,800

Total Exports

200

230

225

235

Total Imports

1,400

1,800

1,880

1,900

Imports from the US

820

950

970

1,050

Total Market Size

3200

3,870

3,900

4,300

(total market size = (total local production + imports) - exports)

Unit: US$ Thousands

In the end-user market, financial service firms – ANZ, NAB, CBA, Westpac, AMP, amongst others – are the largest users of cyber products in the Australian market. Collectively, the segment accounts for one third of Australia’s IT security demand. It appears that they spend more on average than most other financial institutions on a global scale. According to a recent report by industry group IDC, the cyber spend by Australian government agencies, and telecommunications, education, professional services, and transportation companies is also greater than their world counterparts.

Australian Government’s Cyber Security Posture

The Australian government’s cyber security capabilities are housed under the umbrella of the Australian Cyber Security Centre (ACSC). The ACSC works with government and business to reduce the cyber security risk to Australian government networks, and networks of national interests. It also acts to enable a more comprehensive understanding of cyber threats and sharing information to both government and private sector alike.

The ACSC houses the cyber security efforts of the Australian Signals Directorate (ASD), Computer Emergency Response Team (CERT) Australia, The Defence Intelligence Organisation (DIO), the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP), and the Australian Security Intelligence Organisation (ASIO).

In 2020, the federal government released Australia’s Cyber Security Strategy aimed at, with industry consultation, a more secure online world for Australian businesses, consumers, and essential service providers. In April 2021, the federal government released Australia’s International Cyber and Critical Technology Engagement Strategy, seeking to create an environment that embraces innovation while avoiding and mitigating risks.

Leading Sub-Sectors

Mobile device penetration is very high in Australia and banks are spending significant amounts of money to enable mobile banking applications. As such, the demand for mobile security solutions will be strong over the next few years, these include threat detection, end-point penetration and authentication tools. The rise of the Internet of Things will ensure that end point security will also be critical. The increase in compliance and regulation around data security will mean that reporting and compliance tools will also be in strong demand.

Opportunities

Overall, the market for cyber services will remain strong over the next decade as Australian companies outsource the supply of security solutions.  Much of the desire to outsource is driven by a labor shortage of cyber professionals in Australia. It’s expected that we will see increased demand for machine learning and AI solutions in the local market.

Thanks to the Australia-U.S. Free Trade Agreement, there are no tariffs on the importation of software. A goods and service tax (GST) is levied on the landed value of goods imported into Australia. GST is also applicable to services that are carried out in Australia, but not on services that are carried out remotely.

Resources

  • Australian Information Industry Association
  • Australian Reseller News
  • CIO
  • MILCIS – Military Communication & Information Systems Conference (10-13 November 2020)
  • Australian Government Cyber Security Industry Advisory Committee