The Australian Cyber Network (ACN) has called for more direct engagement with cyber security professionals by the government in its first State of the Industry Report.
The ACN State of the Industry Report 2024 aims to provide a snapshot of Australia’s cyber security industry to support decisions about the development of cyber security products, services, workforce and investment.
It is sponsored by UQ Cyber Research Centre, University of Queensland and Recorded Future, and supported by ACN’s Foundation Member Tesserent | Cyber Solutions by Thales.
The ACN, a not-for-profit cyber security industry body, regarded the passage of the Cyber Security Act as a “defining success of 2024”, but called for “more direct engagement with businesses and cyber security professionals, "not just government agencies, the Executive Cyber Council and the ‘big end of town’.”
In its view, the nation’s Executive Cyber Council has been “dominated by representatives from large corporations and government-aligned stakeholders”.
“While engaging across all sectors is critical, the absence of subject matter experts, such as cyber security founders or those from specific cyber disciplines from the cyber security industry, raises serious concerns,” it stated.
“The voices of the professionals who deal with cyber threats daily, develop protective measures and understand the evolving risk landscape firsthand have been largely excluded from strategic decision-making.”
A Departmental spokesperson told techpartner.news that the Council members were appointed in November 2023 for two-year terms.
"The Executive Cyber Council (The Council) brings government and industry leaders together to share strategic insights, exchange threat intelligence to address emerging challenges, and facilitate broader participation in national strategic cyber security priorities," the spokesperson stated.
The current Council includes representatives from the banking, supermarket/retail, telecommunication, transport and technology sectors.
Working groups were established under the Council to facilitate broader collaboration and partnerships across industry, including beyond the Council membership.
"Threat is outpacing the implementation"
“We support the government’s Cyber Security Strategy," stated ACN chair Jason Murrell, who is also chair of the SMB1001 steering committee at Dynamic Standards International, which created the SMB1001 security certification standard.
"But the threat is outpacing the implementation. This is not just an industry issue. It’s a national security issue that demands national leadership.”
The ACN was unhappy that cyber security had been absent from national policy debates during the federal election cycle.
“This silence is a risk in itself. Cyber is a strategic domain. It affects trust in government, the safety of citizens and the viability of supply chains. We have got the strategy, now we need the urgency, action and visible political priority," Murrell stated.
The ACN also wants more transparency about the progress of Australia’s Cyber Security Strategy. It wants a publicly accessible, detailed progress report outlining what has been achieved each year, a funding breakdown, and metrics and tracking mechanisms to measure success (or failure) in each of the six 2023–2030 Cyber Security Strategy “shields”.
Departmental officials provided evidence to the Legal and Constitutional Affairs Legislation Committee on 24 February 2025 on progress in implementation of the Cyber Strategy. This included that of the 60 initiatives under the Horizon 1 Action Plan, 29 were completed or in sustainment and 31 were progressing on track.
"Current approach isn’t working"
Company “cultural change” was lagging, according to ACN Board Member Annie Haggar.
“This report shows that 69 per cent of Australian businesses were hit by ransomware last year. That’s not just a worrying statistic, it’s a signal that the current approach isn’t working. We still see fear, silence and legal risk driving decisions after incidents,” she stated.
“If we want to build national resilience, we have to normalise transparency and treat cyber as a shared responsibility, not a private embarrassment.
“The new limited use protections in the Cyber Security Act are designed to foster a culture of disclosure which will ultimately help us all to understand and address cyber risk as a nation.”
Data lacking
The ACN encountered data availability challenges in creating its report.
It found 302 Australian cyber security companies. A quarter of these reported providing professional and consulting services such as governance, risk and compliance assessments. Managed Security Service Providers (MSSP) and Security Operation Centres (SOC) each accounted for five per cent of the companies. Managed Service Providers (MSP) with ‘bolt-on’ cyber security products accounted for nine per cent.
The report covers the cyber security workforce, revenue and other aspects of the industry and demand.
According to the ACN, Australia's cybersecurity industry contributed nearly $10 billion to the economy in 2024.
It estimated that cyber security revenue reached $6.13 billion in 2024, a 9.66 per cent increase.
The ACN estimated that the industry supports more than 137,000 jobs nationwide, with employment forecast to grow 41 per cent by 2029.
A quarter of cyber professionals identified as women, up from 17 per cent in 2021, according to the ACN's researchers.
[This story has been updated to include a Department spokesperson's response and to add information about evidence provided on the progress of implementation of the Cyber Strategy.]
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
