Australia’s 2022/23 BUDGET - A Cybersecurity Perspective
AKA – I’ll tell you what we want what we really really want
all Links are safe
Hello and welcome back to the brain of Jacqueline Jayne. In todays update we will be discussing the Australian 2022/23 Budget. The focus is (as usual) the human element of cyber security. You will also find a link to the Budget at the end of the article.
First up, let’s take a look at the mentions and context of cyber in the Australian 2022-23 Budget:
• Cyber security was mentioned once under Supporting small business growth
• Cyber attacks also mentioned once under Protecting our interests in an uncertain world
• Cyber capabilities made its first appearance as it relates to AUKUS and Investing in our strategic partnerships
• Cyber and intelligence capabilities was mentioned twice as it relates to REDSPICE (I could not escape the mental image of The Spicegirls introducing a new member). The Australian Signals Directorate (ASD) is to deliver a Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers package – REDSPICE.
• Cyber domain was mentioned once as it relates to Department of Defence (Defence) and related agencies
Below is an excerpt from Page 16 in the Budget
Supporting small business growth
The Government is supporting small businesses to digitalise their operations and upskill their employees by introducing a Technology Investment Boost and a Skills and Training Boost.
Supporting small business growth The Government is supporting small businesses to digitalise their operations and upskill their employees by introducing a Technology Investment Boost and a Skills and Training Boost.
Small businesses, with aggregated annual turnover less than $50 million, will be able to deduct a bonus 20 per cent of the cost of business expenses and depreciating assets that support digital uptake, up to $100,000 of expenditure per year.
The Technology Investment Boost will apply to eligible expenditure incurred between 7:30pm (AEDT) on 29 March 2022 (Budget night) and 30 June 2023. It will support investment in digital items such as cloud computing, cyber security, accounting and e-invoicing software and web page design.
The Boost is estimated to provide $1 billion in tax relief, encouraging small businesses to invest more in digital products and it will help strengthen business confidence, accelerate digital transformation and create jobs.
If cyber security (as stated above) in the 2022/23 Budget includes the investment associated with security awareness education and training, then <<insert standing ovation here>>.
If it doesn’t, and it only relates to investing in cyber security systems and tools then <<insert disappointment here>>.
And, how about all other organisations outside of small business? All the people working or volunteering for them also need security awareness education and training. As do our children and over 65s.
Let me explain why.
Australia's small businesses employ around 7.8 million workers who need to make better decisions when it comes to security (don’t forget the other approximate 5.4 million workers too and the children and seniors).
According to the Verizon Data Breach Investigation Report (DBIR) they found that a vast majority of data breaches are caused by some form of exploitation of the human element or by human error. In their 2021 Verizon DBIR, of the 5,250 breaches they analysed, 85 percent involved the human element.
If 85 percent of breaches are being caused by social engineering or human error, and a minimal amount of spending is focused on the human layer, then it is clearly time to put more focus on the human side.
In fact, security education and awareness are rarely mentioned as a cost line in reports that breakdown where the cyber security budgets are being distributed.
What we do see is cyber security budgets being spent on application security, cloud security, data security, identity access management, infrastructure protection, integrated risk management, network security and more.
Cybercrime cost Australians more than $33 billion in 2020‑21
According to analyst firm Gartner, Australian organisations are expected to spend over $4.9 billion on enterprise information security and risk management products and services by the end of 2021. Despite the billions being spent, cyber attacks are increasing with the largest risk factor seemingly ignored.
It’s like knowing that 85% of home invasions are the result of unlocked front doors and then spending all the money to reinforcing the windows!
Empowering Australians to make better decisions when it comes to security is the goal which comes from a focus on security awareness, behaviour, and culture. This is a direct result of an ongoing, relevant, and engaging security awareness and education program. We can not only reply on tools and technology when the majority of breaches are the direct result of human error.
Cybersecurity is everyone’s responsibility and while yes, we need to protect our interests in an uncertain world, invest in our strategic partnerships, implement REDSPICE, and support our Defence force as they relate to cyber security, we also have a duty of care to focus on the human element.
Jacqueline Jayne
Security Awareness Advocate – APAC for KnowBe4
Let me know your thoughts!