Unlocking Zero Trust: Why the public sector needs AI, not different frameworks

The next step for cybersecurity is not adopting more frameworks but using AI to make Zero Trust work within the existing infrastructure.

Australia aims to become a world leader in cybersecurity by 2030, a goal that is both ambitious and essential.

The federal government’s Cyber Security Strategy outlines a clear path, with “secure-by-design” as a core principle. It’s a vision where resilience is built into the core of public sector systems, not added as an afterthought.

But that vision runs into a familiar challenge: legacy systems. Many agencies still rely on ageing platforms to deliver essential services, making it harder to implement increasingly critical models like Zero Trust – especially as threats grow more constant and sophisticated.

This is where AI comes in. The next step for government cybersecurity is not adopting more frameworks but using AI to make Zero Trust work within the infrastructure already in place. With the right approach, agencies can modernise from within, strengthen resilience, and move closer to the 2030 goal, without rebuilding from scratch.

Why Zero Trust is Critical

Zero Trust is a practical way to embed resilience into complex environments that weren’t built with modern threats in mind. It enforces secure-by-design principles, such as continuous verification, least-privilege access, and assuming breach as the default. It also delivers measurable results.

DXC’s Trust Report found that 83% of organisations adopting Zero Trust successfully reduced security incidents, lowering remediation and support costs. And it isn’t just a security win. More than half of organisations also saw improvements in user experience, which is critical in citizen-facing services.

Most organisations (72%) say new and evolving threats are the main reason they continue to invest in Zero Trust strategies. For government agencies, Zero Trust offers a clear path to strengthen resilience. The question is how to do this without having to go through a complete overhaul of legacy systems.

Legacy Tech as a Blocker

Legacy systems are a major blocker for the adoption of modern cybersecurity solutions, for both the private sector and government agencies. In DXC’s Trust Report, 66% of organisations cited legacy systems as the biggest barrier to adopting Zero Trust.

This is impacting adoption: only 30% of organisations are using AI-driven authentication tools, despite the rise of AI-powered threats.

Legacy systems also remain deeply embedded across the public sector, with agencies spending up to 80% of their technology budgets just maintaining outdated infrastructure, significantly more than sectors like banking and finance.

The challenge is that these environments lack the core features needed to support modern security approaches like Zero Trust. To overcome this, agencies need solutions that work with – not against – the infrastructure they already rely on.

AI as a Solution

While Zero Trust provides the strategy, AI can make it work with existing infrastructure, at scale and effectively. There are several ways to do this. For example, AI can strengthen legacy systems by acting as an intelligent protective layer rather than requiring disruptive or costly changes.

Authentication proxies can create secure boundaries, continuous monitoring can detect anomalies in real time, and automated patching can identify and fix vulnerabilities. Together, adaptive upgrades like these can enhance security without having to update the system completely.

Turning Ambition into Action

Australia’s 2030 cyber goals are within reach, but only if the public sector can shift from intent to execution. That means taking a more adaptive approach, one that applies AI and Zero Trust to uplift protection even without full-scale system replacement.

Doing this, however, will require a cultural change, clear leadership and a commitment to designing security into every layer of government services using AI solutions.

By taking an integrated approach based on AI now, agencies can build the foundations for long-term security and deliver on the promise of a safer, more trusted digital future for all Australians.

Kylie Watson
Head of Security at DXC Technology
Kylie is the Head of Security for DXC Technology in APJ MEA. She is responsible for security across infrastructure, applications and services including cyber defence, digital identity, secured infrastructure and security risk management.
With over thirty years’ experience leading teams in Australia, New Zealand, Singapore, Korea, Malaysia, India and Thailand for companies such as SAP, Deloitte, PwC and IBM, Kylie has successfully advised many of the C Suite on their cyber risk posture, and security roadmaps in the face of evolving threat intelligence.
She has been deeply entrenched with her clients in strategic and tactical preparedness for incident response and the provision of Managed Security Services. Her experience also ranges to running large scale Systems Implementations for SAP, IBM, Palo Alto, Tenable, and Sailpoint OEMs, as well as hyperscalers including IBM Z Cloud, Azure, and AWS across commercial and government customers.
Kylie is both a technologist and a sociologist with deep research experience in cyber criminals and has published many papers on cyber security and risk for new technologies such as AI and Quantum, including risks of predictive analytics in healthcare. She has degrees in Cyber Security and Data Management (GPA 7), English, History and Sociology, Diplomas in Management and Teaching and multiple certifications in Cloud services (AWS and Google), Quantum and Security by Design.
