Australia's cyber sector grows amid increasing attack risks

A report from the Australian Cyber Network has revealed ongoing growth and investment in Australia's cyber security sector, alongside rising threats and limited political attention at the national level.

The State of the Industry 2024 report is the first national benchmark mapping the size, composition, and urgency of the Australian cyber security sector. It draws on more than 30 datasets to inform policy, investment, and workforce development, providing a detailed overview of the sector's current state and future direction.

According to the report, the cyber security sector in Australia contributed AUD $9.99 billion in gross value added (GVA) in 2024, supporting over 137,000 jobs and attracting AUD $348 million in investment. Revenue reached AUD $6.13 billion in 2024, an increase of 9.66% compared to the previous year. The sector comprises more than 302 cyber companies, 97% of which are Australian-owned.

The analysis also highlights significant vulnerability among Australian businesses. The report found that 69% of businesses encountered a ransomware attack during 2024, and Australia now ranks fourth globally for cyber attacks on critical infrastructure.

Jason Murrell, Chair of the Australian Cyber Network, said: "This report sets the baseline. It tells us where we are and what's at stake. We support the government's Cyber Security Strategy. But the threat is outpacing the implementation. This is not just an industry issue. It's a national security issue that demands national leadership."

The release of the report follows a series of reported cyber incidents, including attacks on the NSW Law Courts, AustralianSuper, universities, and the IVF provider Genea. Despite the prevalence and severity of these attacks, cyber security issues have been notably absent from major national policy debates during the current federal election cycle.

Mr Murrell said: "This silence is a risk in itself. Cyber is a strategic domain. It affects trust in government, the safety of citizens and the viability of supply chains. We have got the strategy, now we need the urgency, action and visible political priority."

The report was developed with input from government, industry, and research partners and aims to provide a comprehensive and repeatable overview of the sector. Among other findings, the report details that investment in cyber start-ups more than tripled over the past year, reaching AUD $348 million, and that cyber security workforce numbers are forecasted to grow by 41% by 2029.

Another significant outcome from the report is the updated understanding of gender participation within the cyber workforce. Previous estimates undercounted women due to narrow definitions of technical roles. Using new methodologies, the report shows that women now represent 25% of the Australian cyber security workforce, up from 17% in 2021.

Professor Ryan Ko, Chair and Director of the Cyber Research Centre at the University of Queensland, commented: "It's encouraging to see progress in gender diversity within the cyber workforce, with women now representing 25% - up from 17% in 2021. This reflects both the collective efforts of our industry and the robust methodology behind this study. More importantly, this report gives us, for the first time, a complete and evidence based view of Australia's cyber workforce."

Professor Ko added: "For too long, we've relied on fragmented datasets and inconsistent job definitions. This is the first national baseline built on real methodology. It allows us to track not just how many people are in cyber but who they are, where they work and how that's changing over time. That clarity is essential if we want to design inclusive pathways, identify systemic gaps and build the workforce Australia actually needs."

The report's compilation coincides with changes in national workforce tracking. The Australian Bureau of Statistics, with the support of the Australian Cyber Network, has added five new cyber-specific job codes to the ANZSCO classification framework, allowing for more accurate tracking of cyber industry employment and diversity.

Legal and regulatory aspects were also considered. Annie Haggar, Cyber Lawyer and Board Member of the Australian Cyber Network, observed that while recent legislative reforms such as the Cyber Security Act 2024 marked progress, significant cultural changes are still required across the sector.

Ms Haggar said: "Companies must take reasonable steps to secure their systems. The question is, how many are actually doing it? Not enough is the answer, not just from the numbers of breaches being reported but also from recent action by Australia's regulators in the space."

She continued: "This report shows that 69 per cent of Australian businesses were hit by ransomware last year. That's not just a worrying statistic, it's a signal that the current approach isn't working. We still see fear, silence and legal risk driving decisions after incidents."

"If we want to build national resilience, we have to normalise transparency and treat cyber as a shared responsibility, not a private embarrassment. The new limited use protections in the Cyber Security Act are designed to foster a culture of disclosure which will ultimately help us all to understand and address cyber risk as a nation."

Mr Murrell stated: "Australia has the talent, tech and tenacity to lead in cyber. But leadership doesn't come from capability alone. It comes from action. This report is the evidence. The question now is whether government and industry act on it."

"If we don't respond with urgency, coordination and long-term thinking, we won't fall behind gradually. We'll fall behind suddenly. The window to secure Australia's digital future is open now. It won't stay open forever."