Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
As the dust settles on the 2023-24 federal budget, we thought it would be useful to see how the Government is following through on prioritising Australia’s cyber resilience. Given cyber risks manifest in various ways, budget initiatives targeted just to cyber security areas may not capture the full extent of investment needed - for example, privacy reforms or regulator funding may address cyber risk as well as specific funding areas like cyber coordination and anti-scam funding.
But on to the numbers. The budget papers show a total of $101.6 million allocated to building cyber resiliency across the private and public sectors, $45.2 million allocated to enhancing privacy protection and enforcement, and some $2 billion in total allocated across our digital economy.
Hot on the heels of recent regulatory reform (including some substantial privacy penalties – how many of us have run the maths on "30% of the body corporate’s adjusted turnover during the breach turnover period for the contravention"?), the budget measures suggest that a level of improved efficiency and enhanced enforcement is on the way.
This briefing provides a quick and easy guide to the Budget’s key cyber and 'cyber-related' initiatives:
Reform of the Privacy Act 1988 (Cth) |
$0.9 million allocated over two years for the Attorney General’s Department to progress its review of the Privacy Act. This will also enable the Department to support a separate independent review of the Act's Privacy (Credit Reporting) Code 2014 (as required by the Act every four years) to ensure the Code remains fit for purpose in the evolving credit reporting landscape. |
Standalone Privacy Commissioner and investment in the Office of the Australian Information Commissioner (OAIC) |
$44.3 million allocated (and $8.4 million per year ongoing) to support the recently announced role of a standalone Privacy Commissioner to focus on data security threats and the growing number of privacy risks in the digital age. Until now, the combined ‘Information Commissioner and Privacy Commissioner’ role has been responsible for privacy, freedom of information and Government’s information management. Funding also supports continuation of OAIC investigation and enforcement action, and enhancing its data analytics capability. |
Security of critical infrastructure assets |
$19.5 million allocated over five years to “continue work to improve the security of critical infrastructure assets, and assist owners and operators to respond to significant cyber attacks”. It is unclear if this will be allocated to the Cyber and Infrastructure Security Centre within the Department of Home Affairs (the Centre drives Australia’s critical infrastructure regime in partnership with the Government, industry and broader community). |
National Cyber Security Coordinator |
$46.5 million allocated over four years ($11.8 million per year ongoing) funding a new cyber coordination role announced by Government in February this year. The individual who takes up this post will play a central role in responding to cyber attacks in Australia, and coordinating the Government’s efforts to strengthen national cyber resiliency. |
Expanding the Digital ID program |
$26.9 million allocated over the next year to sustaining and enhancing the Digital ID program designed to make identity verification safer and easier, and to minimise data collection. This includes $24.7 million to maintain the current system and to design the policy/legislation to support an economy-wide Digital ID ecosystem with an independent regulator. It also includes $1.1 million for the OAIC to provide ongoing program privacy assurance. |
Consumer Data Right (CDR) |
$88.8 million allocated to support the CDR across banking, energy and the non-bank lending sectors. Funding includes uplifting cyber security and creating channels for consumers to authorise, manage and facilitate actions related to their data. |
Office of the eSafety Commissioner |
An additional $134.1 million allocated over four years ($33.7 million per year ongoing) to fund the Office’s continued education, outreach and investigatory activities. |
Small business cyber resiliency program |
$23.4 million allocated over three years to launch a ‘Cyber Wardens’ program aimed at building in-house cyber capability and training 50,000+ individuals (a clearly important area given the important role small and medium businesses play in the economy and that some statistics suggest these businesses are targeted in 60% of all cybercrime). |
Commonwealth entity cyber resilience |
$12.2 million allocated over five years to continue providing Commonwealth entities with cyber monitoring, detection, and response services, and enable continued assessment/certification of third parties used to host Commonwealth entity data. |
Scams and online fraud counter measures | $86.5 million over four years to address scams and online fraud. This includes $58 million to establish a National Anti-Scam Centre within the Australian Competition and Consumer Commission (ACCC), $17.6 million for the Australian Securities and Investments Commission (ASIC) to take down investment scam and phishing websites, and $10.9 million to establish a SMS Sender ID Registry tackling scams imitating businesses and the Government in text message headers. |
Digital transformation in Government |
Over $2 billion invested in the Government's data and digital capability, in order for it to deliver people and businesses with easy, accessible and secure services. This includes work to modernise outdated legacy platforms and IT systems. |
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2024
We’ll send you the latest insights and briefings tailored to your needs