The industry speaks: Federal budget 2024

Last night’s federal budget may have been light on cyber security – and it was, understandably – but there’s still plenty of digital meat on the bone to pick over.

As we always do, here’s how the industry has reacted to Labor’s latest budget effort: the good, the bad, and the ugly.

The good

Dr Ivano Bongiovanni
General manager at AUSCERT

This year’s budget maintains a traditional focus on equipping government departments and agencies with resources to strengthen their cyber resilience. Government departments and agencies, including the Australian [Taxation] Office, Australian Prudential [Regulation] Authority, Australian Securities and Investment[s] Commission, and the Department of Parliamentary Services and independent statutory agencies such as NDIS, received significant budget allocations. While the 2023 budget contained more specific references to the protection of businesses, this budget’s ultimate beneficiaries appear to be citizens, including [those] from more vulnerable groups.

Among the key announcements, $288 million has been allocated to strengthen the capabilities of Australia’s Digital ID program. $40 million has been allocated to support national efforts to aid the safer use of AI. $50 million have been allocated to improve myGov fraud detection capabilities. ASIC will receive funding over the next four years to combat scams and online fraud, with a mandatory industry code to be introduced. Budget commitments to several government departments and agencies, including the Department of Foreign Affairs and Trade and the Australian Sports Foundation, will extend over several years, highlighting an ongoing commitment to boosting Australia’s cyber security capability.

The long-term commitments made in this budget reflect the reality that securing our nation’s information assets is an ongoing program and not a one-off project.

Pieter Danhieux
Co-founder and chief executive of Secure Code Warrior

The proposed Digital ID rollout is – if executed well – a potent measure for curbing the impact of online fraud and identity theft. However, this is a largely reactive component of Australia’s ongoing cyber security strategy, and I fear that we are placing too little funding on proactive, preventative security measures.

VIEW ALL

The recent ClubsNSW breach showed that there is much work to be done in securing the software supply chain of many enterprises, not to mention a key need for education on how software vendors, enterprises and government departments manage and maintain PII as part of their operations. At the moment, those at the coalface of software development and data management – mainly software engineers – need serious upskilling in areas such as access control, configuration, and safe application of APIs. Without this key knowledge becoming standard, data breaches will continue with the same ease we have now, and Australia must commit to do better.

Matthew Lowe
ANZ country manager at LogRhythm

We welcome the government investment into digital wallets but also advise that there needs to be a delicate balance between enhancing consumer benefits while ensuring the highest levels of data security and privacy, especially when highly sensitive personal information is being stored, accessed and shared across government agencies. Government departments can be a hot target for cyber criminals hoping to steal valuable information. This is partly due to the amount of extremely sensitive information held in their databases as well as the significant ramifications that come along with having to shut down government agencies or services.

A trusted digital identity system must be supported by a robust cyber security infrastructure. This includes comprehensive monitoring and logging mechanisms to detect, respond and even predict potential threats promptly. Ensuring continuous oversight and real-time analysis of security events can significantly reduce the time it takes to uncover and mitigate data exfiltration attempts, enhancing the overall security posture. Additionally, implementing a zero-trust architecture, where every access request is thoroughly verified, is crucial. This approach ensures that only authorised individuals and devices can access sensitive information, thereby reducing the risk of unauthorised access.

Ashwin Ram
Cyber security evangelist at Check Point Software Technologies

As with the adoption of any new technology, it is important to understand the associated risks. No doubt, cyber criminals will continually look for ways to exploit any software vulnerabilities on the platforms these services will be delivered. The Check Point Research team, over the years, has identified attacks against several digital wallets, so continual proactive assessments of vulnerabilities must be a priority.

All systems linked to the delivery and usage of digital ID must be considered and secured.

Evan Thomas
Channel director, ANZ, at Armis

The announcement of investment by the Australian government towards AI, including the response and mitigation against national security risks related to AI, is a necessity not just in ensuring local organisations protect valuable data in the current cyber security climate – it is a matter of national security and economic performance.

The measures to support AI policy development, regulation and engagement instil a sense of encouragement, resonating with a robust community of like-minded individuals who want to ensure the responsible development and deployment of AI technologies. However, the inherent challenge lies in the fact that threats extend beyond the boundaries of this community.

By placing cyber security at the forefront of AI development, amplifying “secure by design”, organisations will be compelled to urgently shift their cyber security strategies from reactive to proactive to effectively defend against significant cyber threats.

Craig Nielsen
Vice-president, Asia-Pacific and Japan, at GitLab

The Australian government’s budget announcement of investment into AI regulation underscores the need for action to address emerging AI risks. The regulatory framework we put in place today will help organisations future-proof how they evolve with AI, ensuring they reap the benefits of AI without creating vulnerabilities.

All organisations aiming to benefit from AI must share the responsibility of its ethical adoption, not solely regulators. In order to integrate AI properly, leaders need to assess how AI fits into their broader goals and security and privacy policies. Without the proper guardrails in place, such as how AI tools store and protect data, organisations are vulnerable to security risks, fines, customer attrition, and reputational damage.

Australian organisations must commit to the safe and responsible progress of AI and invest in a privacy-first approach to power a more secure, sustainable, and productive AI journey.

Peter Marelas
Chief architect, APJ, at New Relic

The AI inclusions in the budget announcement overnight are a welcome step forward in ensuring that AI is developed and used in a responsible and beneficial manner. It sets forth a clear vision for the future of AI in Australia, and it provides a roadmap for how different stakeholders can work together to achieve this vision.

The focus on the core principles of safety, security, transparency and accountability is a clear call to action for organisations to start adopting responsible practices. Some of these practices include controlling the way AI systems data is collected and used, while getting visibility in model inputs, outputs, and decision-making processes that can provide a clearer understanding of how AI systems operate.

For any regulatory response to work, a culture of compliance will become a necessity. Implementing full visibility and control across the breadth and depth of the entire AI stack now will enable organisations to get on the front foot with these regulations.

Mathavan Parameswaran
Technology national leader at RSM Australia

Today’s commitments indicate that the Australian government recognises the role the tech sector can play when it comes to improving productivity through innovative technologies and time-saving tools. The focus on clean energy technologies, modernising Australia’s Digital ID system, and upgrades to NDIS Quality and Safeguards Commission’s information technology are a few examples.

As we’ve already seen with the recently announced $940 million commitment towards quantum capability, the Future Made in Australia Act has the potential to shape the tech sector and create opportunities to develop new technologies on Australian shores.

One point to note is that policy announcements don’t mean much until they are acted upon – we now have the Future Made in Australia initiative at a time when many in the tech sector were still waiting to see what grants would flow from the $15 billion National Reconstruction Fund that was meant to be transformational – and still may be, the tech sector waits with eager anticipation.

Steve Bray
Head of ANZ at Cloudflare

The measures announced by the Labor government in the 2024–25 federal budget surrounding Australia’s cyber security are a vital step towards ensuring we track, report, and gauge all cyber attacks on Australian individuals and businesses. The commitment of $206.4 million over the next four years to improve our cyber registers and grow the security posture of our regulators will ensure that critical infrastructure providers for all Australians are fortified against threats. The next step to elevate this strategy is to introduce a cross-industry threat and attack monitoring and alert system, along with simplifying the regulatory framework, to further mitigate damage, enable quick incident response, and ensure compliance.

Our critical national infrastructure, including telecommunication providers, hospitals, and schools, needs to see continued investment in their defences to remain protected and operational in case of cyber attacks. Likewise, providing support to small and medium businesses through $183 million worth of grants is a welcome relief, as tailored support is the most important step to protecting these organisations. Giving them the resources and funding to protect themselves significantly reduces their position as a target for global threat actors.

The investment in cyber security reflects a proactive approach to safeguarding Australia’s digital infrastructure. The Australian government’s budgetary measures on cyber security address current vulnerabilities but also set a solid foundation for a secure digital future, making Australia a leader in cyber security on the global stage.

Adrian Covich
Senior director, technical sales, Asia-Pacific and Japan, at Proofpoint

The creation of a digital Credential Protection Register, coupled with $288.1 million of funding to boost the adoption of the Digital ID system, will be key in helping individuals feel more in control of their data and ensure more accurate reporting on cyber incidents.

As we saw with the [ClubsNSW’s] data breach, it is imperative for organisations to understand how personal identifiable information (PII) is protected by third parties. Credentials are one of the top targets for cyber criminals, and their theft can cause substantial damages for both individuals and organisations. Minimising both how often personal data is shared and the number of people it is shared with is the easiest way to reduce the risk of it falling into the wrong hands or being leaked accidentally.

There is no doubt these measures together will reduce the overall threat risk. However, there is more that can be done to prevent data loss in the first place at an internal level that organisations themselves must take note of. After all, data doesn’t lose itself; people take or mishandle data. In a recent global survey on Data Loss Protection, Proofpoint found that 80 per cent of Australian companies suffer data losses as a result of careless employees. As a result, tackling those insider threats and increasing awareness will require a people-centric approach that goes beyond content to understand context.

Sumit Bansal
Vice-president, APJ, at BlueVoyant

The Australian government’s budget announcement that $39.9 million will go towards safe and responsible adoption of AI is a step in the right direction to ensure that Australia stays ahead of embracing what AI has to offer while also managing the inherent risks of the rapidly advancing technology.

AI brings the ability to create efficiencies by automating tasks and supporting business decision making. The downside of that is security risk. AI systems rely on vast amounts of data, often including sensitive and personal information. Businesses must ensure that proper security measures are in place to reduce the risk of unauthorised access or data breaches. In addition, AI must also be closely monitored to make sure nefarious actors do not change the parameters, which could compromise security. That is why AI needs to be backed by human-led expertise.

We support the government’s initiative to build inclusive and sustainable foundations for AI growth and encourage organisations to collaborate with government and industry when building an AI strategy. Every organisation is different. Where and how to use AI within your business are questions an in-house security team needs to address based on AI skills, cyber security expertise, and depth of knowledge of your security stack and platform. With the right security measures and a proactive approach to risk management, AI processes can increase efficiencies and faster business decision making.

Peter Maloney
CEO, AUCloud

With Australians some of the most connected in the world, with more than 91 per cent of Australians active internet users, safeguarding our nation’s data is not just a duty; it’s a strategic imperative. The 2024–25 federal budget underscores Australia’s commitment to fortify cyber defences and data protection, ensuring resilience for businesses, government, and citizens alike.

As quantum computing emerges as the new frontier, Australia takes a bold step forward with a $472 million investment in PsiQuantum. This isn’t just about innovation; it’s about securing our future in a rapidly evolving technological landscape.

The 2024–25 budget demonstrated proactive stance on cyber threats with investments in digital ID systems, quantum computing, and cyber coordination; we’re not just reacting; we’re shaping the future of cyber security.

The allocation of $206 million to enhance the cyber resilience of regulators and registers sends a clear message: protecting financial systems and data integrity is non-negotiable. In a world of evolving threats, vigilance is our greatest asset.

With $288.1 million dedicated to expanding Australia’s digital ID system, and a further $160.7 million for NDIS cyber upgrades, the 2024–25 budget prioritises protection for new and existing systems.

Australia’s commitment to cyber security extends beyond borders. With over $388.2 million invested in upgrading communications infrastructure and overseas property, we reinforce our position as a global leader in combating cyber threats and securing diplomatic networks.

Shane Ripley
Field chief information security officer, Asia-Pacific and Japan, at Recorded Future

Government budget announcements occur annually, providing a predictable framework. However, what remains unpredictable is the evolving threat landscape.

Rather than viewing this landscape as merely increasing in risk, it’s more accurate to recognise it as continuously changing. Over the past year, we’ve observed a rise in the malicious use of artificial intelligence, from deepfake impersonations of executives to large-scale disinformation campaigns. This year’s budget is encouraging, particularly in its focus on AI-related national security risks. The emphasis should not solely be on the amount of investment but on the government’s commitment to prioritising cyber security and ensuring our defences evolve with technological advancements.

When considering cyber spending, it’s crucial to shift our focus from dollar figures to the actual currency of cyber security: risk. Increased spending doesn’t always equate to increased security; it brings with it the responsibility to manage resources effectively. Recent high-profile data breaches and cyber attacks underscore the imminent nature of these threats. The value of cyber security cannot be quantified in monetary terms alone. Demonstrating a tangible reduction in risk is the true measure of success. Ultimately, technology’s role is not about spending more but about strategically managing and mitigating risk while adapting to changes.

Scott Hesford
Director of solutions engineering, Asia-Pacific and Japan, at BeyondTrust

In light of the ongoing cyber risks facing the financial services and insurance sector, the announced budget investments in the Australian Prudential Regulation Authority (APRA) are welcomed.

While it is unclear how the additional funding will be invested, it is important to help the sector uplift its cyber resiliency. In particular, the way that third-party suppliers interact with key systems and data of financial services organisations needs greater security to limit the blast radius and paths to privilege should those suppliers get breached.

The targeting by threat actors of organisations that hold financial and sensitive personal information will continue. It is important the government continues to promote and reinforce best practices across the sector with cyber security being a key consideration.

Rob Marchiori
Country Lead at Cognizant Australia

The Federal Budget 2024-2025 focus on the Future Made in Australia initiatve highlights the Government's commitment to strengthening or creating modern local industries. The desire to increase a self-sustaining ecosystem that boosts economic independence, local innovation, and minimises the risk of reliance on international supply chains is understandable.

The Budget recognises that one of the challenges of investing in very sophisticated industries, such as quantum computing and AI, is effectively managing and cultivating the critical digital talent needed to build and make them successful. For example, the Budget provides $38.2 million for a range of STEM programs, $10.0 million to establish a National Hydrogen Technology Skills Training Centre, and $8.7 million to provide analysis, oversight, and implementation of renewable energy opportunities and critical minerals.

These numbers are commendable, but as a country without a large and complex industry base, Australia needs to improve how it manages and attracts highly skilled talent, from enhancing career progression and training to attracting and retaining them. A long-term commitment to be at the forefront of promising technological sectors, such as quantum computing and AI - in addition to building a sustainable future - is critical.

Similarly, It’s great to see the investment in quantum computing and cybersecurity, as well as the $39.9 million over five years to support the adoption of artificial intelligence (AI) in the 2024-2025 Federal Budget. These are critical areas that deserve attention and support.

However, there was potential to give more attention to artificial intelligence, from training and education to research and development. We need to ensure that industries that can strongly benefit from AI – such as healthcare, manufacturing, and financial services – have incentives to do so. More attention could also have been given to helping our workforce adapt to the changes anticipated by AI integration and ensuring we have the skills needed to develop this area.

Josh Doolan
Managing Director of Endava Australia

The 2024-25 Federal Budget announcement by the Australian Government presents a pragmatic approach to fostering economic growth and innovation through targeted investment in emerging technologies that have the potential to make real human impact. Strategic investments in Artificial Intelligence (AI), digital transformation, clean energy workforce development, and STEM diversity are essential for building a resilient and competitive economy.

Australia is in a unique position where we can build leadership in AI and Quantum innovation by responsibly developing the capabilities and integration opportunities of these technologies. Bringing new levels of intelligence and synergy to industries, technology like agentic AI can be a game changer to solve complex industry challenges, optimise processes and deliver unprecedented value to businesses and customers. And, as they continue to evolve, if the Government continues prolonged investment, we can propel Australia to the forefront of the sector.

Off the back of the Future Made in Australia investment, improved skills and talent access will be the key to supporting the country's growth in renewable and sustainable energy industries. In doing this, we can ensure long-term economic growth, foster inclusivity, address critical shortages, and ensure that all Australians have the opportunity to participate in - and benefit from - the technological advancements these initiatives promise to deliver.

Niel Pandya
APAC Business Development Lead for Cyber Security at OpenText Cybersecurity

The recent Australian Federal Budget outlined significant investments in national defence and cyber security, including funds dedicated to enhancing the data capability and cyber security of APRA and ASIC, and to modernising legacy systems. This is a positive step towards strengthening our cyber resilience. To further bolster national security, adopting a Joint All Domains Operations (JADO) approach is recommended. This strategy integrates cyber security across Sea, Land, Air, Space, and Cyberspace, enhancing situational awareness and fortifying defences against state-sponsored attacks. It also accelerates C4ISR capabilities, enabling secure and efficient communication and data exchange across all forces.”

Moreover, tailored tax breaks and incentives for different sectors could drive digital transformation and innovation, addressing specific cyber needs while supporting broader initiatives like climate control. Leveraging the Five Eyes alliance for signal intelligence can further aid in identifying the right technologies and improving adoption. Overall, the budget's commitment to cyber security is commendable. Continued focus and detailed allocation in future budgets will ensure robust national cyber defences and the protection of all Australians.”

The bad

Shane Maher
Managing director at Intelliworx

Since the last federal budget, which announced $23.4 million in support for small businesses to build cyber resilience, we’ve noticed two major developments: endemic cyber security attacks across the Australian economy and a watering down of Australia’s cyber security rhetoric.

The Treasurer did not mention cyber security in his speech, or even technology for that matter. Digging deeper, the budget strategy and outlook only made three mentions of cyber security in reference to upgrading Australian communication infrastructure, investments in Services Australia, and defence. When it comes to business, particularly small business, this government has moved on to other things.

And given the cost-of-living crisis and the pressure for fiscal constraint, we get it. But we’d also like to see the government pair the Cyber Wardens Program with either grants for small businesses to upgrade their cyber security capabilities or mandate standards.

The feeling on the ground is the government’s Cyber Security Strategy has not filtered down to small businesses. Meanwhile, a shortage of cyber security professionals will only push up the cost of improvements.

Gordon Brock
NSW director at Professionals Australia

The budget’s significant and timely nation-building investments in climate, housing, defence, industry, and infrastructure are commendable. Additionally, investments in technology and the digital economy, such as the Digital ID Scheme MyGov, will create new high-skill STEM jobs that support living standards.

However, delivering this vision will require a significant uplift in the skills and capabilities of the Australian public service. Remuneration frameworks will need to be updated to introduce a separate technical and specialist classification to ensure the APS is competitive with the private sector for professional skills. The APS-wide average staffing level (ASL) cap also needs to be abandoned to ensure we remove unnecessary bottlenecks and have a sufficient number of people, with the necessary skills in the right jobs across our agencies, regulators and government departments.

In allocating resources to skills training, R&D, and procurement connected with these investments, every effort must be taken to strengthen women’s equitable participation in the STEM workforce.

Liam Dermody
Director of threat analysis, ANZ, at Darktrace

Last year the federal budget included considerable investment in the technology sector, specifically cyber security, with the release of the National Cyber Security Strategy. We would have liked to see the government maintain this momentum, and take continued steps to help organisations protect themselves and the people they serve, such as by continuing to invest in training of cyber security professionals and educating end-users about cyber security.

We know from our recent State of AI Cybersecurity 2024 report that 74 per cent of security professionals believe AI-augmented threats are already having an impact on their business and insufficient knowledge or lack of personnel were the major inhibitors to defending against these attacks. The government should help to upskill Australians and to solve this skills gap before we fall too far behind the attackers.

We know that artificial intelligence is the hot topic in technology at the moment, but we need to see more funding put into making the day-to-day use of it a reality for Australians. AI has the power to automate the mundane tasks that bog us down every day at work and free Australians’ time, allowing us to be more strategic and proactive in our work. We see this in cyber security all the time. Once AI cyber security is implemented, it frees up time for the security team and allows them to move from a reactive approach to a proactive approach, not waiting for an attack to happen to defend their organisation, but proactively looking for vulnerabilities and upskilling team members, making their organisations safer.

David Hayes
Regional director ANZ at Arctic Wolf

It was disappointing to see that cyber security measures failed to include Australia’s cyber security action plan, particularly as the severity and frequency of cyber attacks on Australian businesses has continued to drastically increase, along with 20 per cent rise in average ransoms as reported by our threat team.

Nicole Quinn
Head of Government Affairs, APAC, at Fortinet

The budget didn't really recognise the full ecosystem of skills training for the IT sector. While it spoke to increasing higher education opportunities there was nothing notable with regards to microcredentials, which is particularly important in cyber security and IT. For example, support for students who undertake courses outside of traditional university environments, or micro-credentialling as it is known, is going to be critical in creating a well-rounded workforce capable of tackling cyber threats head-on. In addition, the focus on cyber security skills training and awareness needs to be extended beyond home affairs and the industry itself and into all government portfolios, policy, and spending to introduce citizen-wide campaigns and education as cybercrime continues to rise.

The ugly

Chris Sharp
CEO at Pax8 APAC

There was a pretty significant word missing from the federal government’s budget speech last night: cyber.

While the announcement rightly and proficiently broke ground on the cost-of-living crisis, the oversight to communicate, let alone significantly invest, in Australia’s cyber defences sleepwalks over the financial challenges of our small to medium businesses – the great section of our economy, most devastated by the financial repercussions of cyber crimes.

The problem is, even despite the recent flurry of media headlines, many SMBs remain blissfully unaware of how or why they can and should be improving their cyber defences. But it’s not their fault. Rhetoric is typically focused on “big business” attacks, leaving SMBs thinking, “We’re too small, our data doesn’t matter.”

Often, SMBs don’t know how to start conversations, nor who to turn to. Working alone makes the cost of cyber security defences untenable, but it doesn’t have to be this way. For the price of a cappuccino per employee, all businesses can fortify themselves against threats. But they need a government that consistently recognises the cyber crisis and dedicates resources [to] get them started on becoming government compliant, fighting increasing cyber insurance premium costs, and protecting their critical data.

Mark Thomas
Director of Arctic Wolf Security Services ANZ

The SMB sector is the engine of Australia’s economy, so it was disheartening to discover last night’s budget announcement demonstrated a lack of extra funding for Australia’s cyber strategy’s accompanying action plan, despite the cancellation of the Cyber Hubs program, the only flagship cyber uplift initiative, at the end of last financial year.

Rob Hotchin
Country Manager at Privy Australia

In the release this week of the 2024/25 Federal Budget, $288.1 million has been set aside to expand Australia’s Digital ID system. It seems the frequency of recent data breaches has prompted a quick but perhaps arbitrary allocation of funds to quell public frustration, which may score political points, but does little to clarify the expansion of the current framework.

At face value, an allocation of $288.1m might sound like an amount of money that can create an impact. Given the Federal Government's track record on consulting expenses, however, I'm sure I'm not alone in my pessimism about how much this money will be spent on an efficient orchestration of the development of resources that can actually build digital infrastructure, rather than fueling a bunch of lofty white papers.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.