Macquarie Technology Group welcomed the 2023-2030 Australian Cyber Security Strategy from the Albanese Government, marking it as an unprecedented opportunity to improve collaboration between industry, government, and intelligence.
“Most collaboration between government, industry and intelligence currently happens within what could be deemed the regulatory compliance vertical, owing to the legal ramifications organisations can face when cyber events happen,” said Aidan Tudehope, Macquarie Technology Group co-founder and Macquarie Government Managing Director.
“This Strategy provides the opportunity for greater collaboration between intelligence operators within both government and enterprises – typically CISOs, CIOs and CTOs – and their counterparts in the Australian Signals Directorate (ASD). The ASD paints a picture of the ever-changing threat landscape, and consistent, quality intelligence can help it offensively attack and disrupt cybercriminals.”
Mr Tudehope said the ASD’s recent annual assessment emphasised that need, particularly in the context of the AUKUS partnership which may be a ‘target for state actors looking to steal intellectual property for their own military programs’.
“Our AUKUS allies want to see confidence in Australia’s industrial base to support the partnership,” he said. “Given the horizontal effect cyber security has across all industry sectors and their supply chains, getting behind the Strategy and building more cyber-aware citizens and businesses will help create that confidence and showcase the incredible capabilities and talent we have in the local sector.”
Macquarie also called for the Strategy to become the pre-eminent Strategy to which people, industry, and governments – including relevant legislative and policy regimes – align.
“The current cyber security and privacy legislation landscape has evolved considerably in recent years, and in the process has become fragmented across the Commonwealth, states and territories,” said Mr Tudehope.
“Minister O’Neil’s Strategy establishes cyber security as a unifying nationwide endeavour, led by the Federal Government as the exemplar, but delivered in synchronicity with all tiers of government, the private sector, and the wider economy. This is a nationwide pursuit which requires a nationwide approach to succeed.”
To underscore this alignment, Mr Tudehope welcomed the major uplift in Australian organisations’ cyber security posture, particularly among small and medium-sized enterprises (SMEs), announced by the Government in the cyber health-check program and Small Business Cyber Resilience Service.
“SMEs, companies under $3M revenue, are currently exempt from Australian privacy laws and many data protection, deletion, and governance requirements. But they make up about 95 per cent of all organisations in Australia, and many are part of Government and critical infrastructure supply chains, sharing data and digitally interacting with entities crucial to the nation’s economy and national resilience.
“Organisations with an immature understanding of cyber and privacy measures could be inadvertently creating risk for other, potentially more critical organisations, and we strongly welcome the Government’s targeted support to help SMEs achieve new levels of cyber security and sophistication.”
Mr Tudehope added that organisations can find additional opportunities to uplift their capabilities within the Essential Eight (E8) maturity model and Security of Critical Infrastructure (SOCI) Act, which is effectively uplifting 11 critical sectors.
“To become the world’s most secure nation by 2030 – and to build beyond that as cyber threats aren’t static – the Strategy rightly focuses on uplifting everyone,” he said.
“A Team Australia approach will see the collaboration we need become part and parcel of our cyber ecosystem, while raising the cybersecurity awareness and literacy of every single organisation and resident in the nation.”