On Tuesday, Australia’s new Prime Minister Anthony Albanese announced his government’s first full ministry, with Victorian MP Clare O’Neil appointed Home Secretary and Cybersecurity Minister. This is the first time that cybersecurity has had its own portfolio within the Australian firm.
Former Home Secretary Karen Andrews was responsible for most of the implementation of the previous government’s cybersecurity policies and often shared those duties with former Deputy Defense Minister Andrew Hastie. No other G20 government has a dedicated cybersecurity minister.
Albanese anticipated this decision before the elections. During a speech at the Lowy Institute on March 10, he hinted at his intention to appoint a position dedicated to cybersecurity. The details of the role remain to be defined, as does the associated budget.
O’Neil previously served as Shadow Minister for Innovation, Technology and the Future of Work. With a background in history, law and public policy, and previous experience in management consulting at McKinsey & Company, she has a multi-faceted background.
This puts it in a good position to promote a multidisciplinary approach to cybersecurity, which has long been requested.
His appointment is expected to reinforce Australia’s commitment to cybersecurity, which was first systematically defined in the 2016 cybersecurity strategy, and reaffirmed in the 2020 strategy.
Cyber risk is only increasing
According to the Australian Cyber Security Centre, there was an almost 13% increase in cybercrime reports in the 2020-21 financial year, compared to the previous year.
With some 67,500 reports, this represents an incident reported almost every eight minutes. Self-reported losses totaled more than A$33 billion, with more than a quarter of critical infrastructure incidents. From year to year, these figures increase.
The growth of cybersecurity budgets over the past few years has shown how seriously Australia takes this. Funds allocated have increased from $230 million in 2016 to $1.67 billion in 2020, to $9.9 billion in this year’s budget to implement the REDSPICE program.
Read more: Budget 2022: $9.9 billion for cybersecurity aims to make Australia a key ‘offensive’ cyber player
This was accompanied by political changes. Between December 2021 and April 2022, the previous government strengthened the critical infrastructure security regime in two phases. In a first phase, it widened the definition of critical infrastructures from four to 11 sectors.
It introduced positive security obligations, such as mandatory reporting of cyber incidents by certain entities to the Australian Center for Cyber Security, and expanded the provision of information to the Critical Infrastructure Asset Register. This registry helps the government track ownership of key IT infrastructure, among other important information.
Beyond that, it included government assistance to industry as a potential last resort in the event of cyber incidents. This opens up the possibility for the Home Secretary to direct a relevant entity to take certain actions in response to an incident.
In the second phase, it introduced enhanced cybersecurity obligations for the country’s most critical assets, or “systems of national importance”, and made it mandatory for them to have risk management programs.
The new government has not yet indicated whether new cybersecurity policies will be promoted or whether existing policies will be modified. However, before his election, Albanese stressed the importance of building cyber resilience, complementing the offensive cyber measures introduced in the previous government’s REDSPICE programme.
A pioneering initiative for the sector
O’Neil’s appointment as dedicated cybersecurity minister sends two important signals.
First, it demonstrates that cybersecurity has become an important issue for politicians and business leaders, and not just for IT departments. It also has the potential to strengthen Australia’s position in the Asia-Pacific cyber context and in response to possible threats from war in Ukraine.
Read more: As Russia wages cyberwar on Ukraine, here’s how Australia (and the rest of the world) could suffer collateral damage
Second, in line with Albanese’s efforts to increase gender balance in the cabinet, the newly appointed minister is a woman. This is a strong signal in the world of cybersecurity.
In 2018, the percentage of female cyber professionals in Australia was 25%. This is higher than in most countries, but still far from balanced.
There are several reasons for the under-representation of women in cyberspace. They include a 24/7 “always available” work culture, gender discrimination, stereotypical biases, pay inequality, perceived self-efficacy issues, and lack of female role models. .
However, recent initiatives have been taken to break down the barriers. We’ve seen more dedicated college scholarships, industry mentorship programs, flexible work hours, and “affirmative action” (like hiring to fill quotas). Although opinions on the latter remain controversial.
Either way, appointing a woman to a high-level position in cybersecurity could certainly help empower other women in space and those who wish to join. This will be especially true if O’Neil decides to close Australia’s gender gap in cyber talent.
According to recent forecasts, the country will need nearly 17,000 additional cybersecurity professionals by 2026.