Government releases 2020 Cyber Security Strategy

10 August 2020

The Morrison government has released its 2020 Cyber Security Strategy which commits $1.67 billion to enhance Australia’s cybersecurity and law enforcement capabilities over the next decade.

Key priorities in the 52-page strategy include proposed new laws and an “enhanced regulatory framework” which aims to secure critical infrastructure and to protect Australians at scale.

The framework will be implemented through amendments to the Security of Critical Infrastructure Act and is expected to extend to systems of national significance.

Government will use its “classified” national situational awareness capability to respond to threats against critical infrastructure, while critical infrastructure operators will be able to share malicious cyber activity with government through a new cyber threat-sharing platform. A legislated cyber security baseline across the economy is also being considered.

The strategy also outlines initiatives for large businesses to assist small and medium enterprises (SMEs) enhance their cyber security capabilities through providing ‘bundles’ of secure services such as threat blocking and antivirus mechanisms. SMEs will also have access to online training and a 24/7 helpdesk for cyber security advice or assistance.


Over the next 10 years government will invest $1.67 billion in cyber security to:

  • Protect and actively defend the critical infrastructure that all Australians rely on, including cyber security obligations for owners and operators
  • Introduce new ways to investigate and shut down cybercrime, including on the dark web
  • Implement stronger defences for Government networks and data
  • Engage in greater collaboration to build Australia’s cyber skills pipeline
  • Use mechanisms to increase situational awareness and improve sharing of threat information
  • Build stronger partnerships with industry through the Joint Cyber Security Centre program
  • Provide advice for small and medium enterprises to increase their cyber resilience.
  • Deliver clear guidance for businesses and consumers about securing Internet of Things devices
  • Operate a 24/7 cyber security advice hotline for SMEs and families
  • Improve community awareness of cyber security threats.

Australia’s increasing use of technology

As a predominantly services-based economy underpinned by technology, Australia is becoming increasingly dependent on access to technology and data networks and the development of new innovations that are protected from cyber risks.

Cyber ‘attacks’ more prevalent across all spheres of government, business and society. The level of sophistication continues to increase, and the impact of such attacks can be catastrophic, especially in the context of highly sensitive sectors such as defence, as well as healthcare, infrastructure and personal security.

The expansion of internet-capability beyond computers and mobile phones into other cyber-physical or ‘smart’ systems is extending the threat of remote exploitation to a host of new technologies which underpin the everyday lives of Australians such as transport control systems, power grids and industrial plants.

Skills and talent are essential

Managing Australia’s exposure to cyber risks relies on our capacity to access the right skills and talent, and our ability to support greater investment into research, leading to the development of innovative solutions.

According to analysis by AustCyber [1], there is a significant shortage of job-ready cyber security workers in the local market, with the need for an additional 17,600 cyber security workers anticipated by 2026 to fulfil Australia’s growing cyber security and data privacy requirements. Central to the required growth in labour is the need to ensure we develop a larger pipeline of successful cyber and data security firms over the next decade. Growing the number and scale of businesses in this sector will go a long way to creating new employment opportunities for the next generation of Australians that we need to meet the demand for talent in this area. The downstream pay-offs for the Australian economy, and for Australian consumers, will be substantial.

The 2020 Cyber Security Strategy has been informed by extensive community consultation and expert advice from Government’s Industry Advisory Panel, chaired by Telstra CEO Andy Penn.

In December 2019, the Australian Investment Council made a submission to the government consultation on the development of Australia’s 2020 Cyber Security Strategy.