In a recent post, The Australian Cyber Risk Insouciance, I commented on an article from the Australian Financial Review (AFR), which reported that the Australian Government would not understand the cyber risks faced by the nation. They would not spend enough on cyber security to manage the risks adequately. They would then consequently expose the country to an unacceptable level of risk. The AFR article quoted some experts urging the Australian Government to spend more on cyber security. I concluded the post with 6 follow-on questions. The first question was “How much is the Australian Government currently spending on managing the nation cyber risk?”, which I have researched and report on below.
The Australian Government budget review for 2016–17, published in May 2016, provides the answer. It itemises the budget for Cybersecurity, which outlines the funding details for the cybersecurity initiatives identified in Australia’s cyber security strategy: enabling innovation, growth & prosperity (21 April 2016). The budget in question covers new initiatives, pre-existing initiatives and re-badged initiatives.
The overall Federal Government funding for Cyber Security includes 2 mains components:
- Australia’s Cyber Security Strategy (public domain & direct economy protection focus): $230M for 4 years.
- Defence cyber security program (more cyber-warfare focused): $300M-$400M for 10 years to improve Defence’s cybersecurity capabilities. Some details can be found in the 2016 Defence White Paper (e.g. “include considerable new investment in strengthening the Defence cyber workforce, including new military and APS positions and training programs”).
While the actual expenditure is likely to vary year on year, an average would be $97.5M per year (with the upper range of the Defence component factored in).
In comparison, the Government is forecasting a total spending of $450.6Bn in 2016-2017 (source). Cyber Security spending is understandably a mere fraction of the total Government expenditure.
- $38.8 million for the ‘national cyber partnership’ (incl. Australian Cyber Security Centre relocation & funds to sponsor industry stakeholders’ engagement).
- $136.1 million for improving cyber defences (incl. $15M for small businesses access to security testing, best practice development, etc.).
- $6.7 million for ‘global responsibility and influence’ (incl. Australia’s new Cyber Ambassador international relationships).
- $38 million for ‘growth and innovation’ (incl. Cyber Security Growth Centre and CSIRO contributions).
- $10 million towards the ‘cyber smart nation’ initiative (incl. public awareness campaigns, establish Academic Centres of Cyber Security Excellence, etc.).
Aside of the 2016 Defence White Paper, I didn’t find any further details for the Defence component (perhaps expectedly).