The Federal Government launched its Cyber Security Sector Competitiveness Plan on 20 April, kicking off an initiative aimed at strengthening the Australian cyber security sector and boosting overall revenue in the sector locally.
According to the government, the new plan will help Australia’s cyber security solutions sector realise its full potential in a rapidly-growing global market, expected to be worth US$170 billion by 2020.
The initiative, drawn up by the Australian Cyber Security Growth Network (ACSGN) is expected to help triple the size of the country’s cyber security revenue from about $2 billion to $6 billion in the next decade.
It’s a grand plan that will likely provide a generous boost to Australian cyber security vendors while potentially giving local partners greater scope to tap into local cyber security solutions.
But how do we get there?
Well, according to the ACSGN, there are at least three core factors standing in the way of growth in the sector: inefficient research and commercialisation; a constraining market environment; and a local skills shortage.
Funding, research and commercialisation
While Australia demonstrates top-notch cyber security research capabilities, according to the ACSGN, there are signs the current system of research and commercialisation is inefficient.
“Scattered public funding for cyber security research and development weakens the country's ability to lead on innovation,” the plan stated. “Limited collaboration between the research community and the private sector further undermines the commercialisation of basic research ideas into marketable solutions.
“Developing the most effective technologies is resource intensive, and requires firms and research institutions to invest heavily in R&D [research and development] to unearth new ideas and collaborate for their commercialisation,” it said.
To overcome barriers to research and commercialisation, the ACSGN suggests that governments can support such efforts in a number of ways, either directly through research grants and targeted funding programs or indirectly via R&D tax incentives.
According to the organisation, there are signs that Australia could increase the firepower of its public spending on cyber security R&D, simply by making better use of existing funding channels. At the same time, Australia’s existing strength in certain verticals could be leveraged to help elevate the country’s cyber security standing.
“Australia should also consider the opportunity in cyber security to build on our other national sector strengths, such as resources and financial services,” the plan said. “By building products and services that address the specific cyber security needs of these sectors, Australian firms can develop distinctive, competitive offerings for global marketplace.”
The second core factor standing in the way of growth in the sector, as outlined by the ACSGN, is constraints in the local market environment, which could be remedied in a number of ways, the plan suggests.
“Insights gained from expert interviews undertaken to develop this plan and public tender data signal that the current market environment constrains the growth prospects of smaller Australian cyber security businesses and startups,” the plan stated.
According to the government, total expenditure on cyber security amounts to about $4.3 billion, equivalent to around five per cent of the entire Australian information technology sector.
At the same time, much of Australia’s demand and employment in the sector is dominated by outsourced cyber security services, with more than three-quarters of this market controlled by foreign firms, while software and hardware markets are also dominated by imports.
The ACSGN suggests that changes in the government’s procurement guidelines and enforceable rules could help level the playing field more effectively, and give smaller, local players a greater chance to win local public sector work.
“Strict procurement rules oblige many government agencies and private-sector companies to engage only cyber security providers with a proven track record of fulfilling complex and sizeable security tasks,” the plan said. “These internal procedures typically work in favour of large cyber security companies, while startups frequently miss out.
“Many small, emerging cyber security firms lack the resources to deliver large-scale projects, particularly when they cover multiple product and service areas like government contracts often do.
“Government agencies often search for providers who are capable of meeting a variety of security and other ICT needs at once—a tendency that is clearly reflected in the scope of government contracts, which are among the most valuable in the market,” it said.