The Australian Government recently consulted on ‘Horizon 2’ of its Cyber Security Strategy, covering the period from 2026 through to 2028.
Driven by the goal of scaling cyber maturity across the whole economy, the Australian Government is considering further updates to its legislation, including how it can best align with core global frameworks and provide appropriate protections for security professionals.
It has also committed to making further investments in the broader cyber ecosystem, growing the industry, cultivating a diverse workforce, and ensuring Australia has the sovereign cyber capabilities it needs to thrive in the digital age.
Responding to the consultation, NCC Group called for a proportionate, globally aligned regulatory response to emerging threats and technologies and the changing economic landscape, including an AI Act for Australia, further updates to the SOCI Act, and extending and requiring the Cyber Trust Mark for all digital products used in Australia’s public sector and critical infrastructure.
NCC Group also urged the Australian Government to prioritise the following policies:
- A detailed and continually updated national post-quantum cryptography (PQC) roadmap, signalling to both public and private sector organisations what they need to achieve and by when.
- Appropriate support for small and medium-sized businesses (SMBs) and non-profits, building on the success of the Small Business Cyber Resilience Service.
- Development of shared capabilities with Five Eyes, AUKUS and other regional allies, because cyber security as a ‘team sport’ applies globally as much as it does domestically.
- A centralised national cyber skills strategy that creates the cyber professionals we need today and tomorrow, while also ensuring all citizens, from board members to school-age children, have the cyber literacy skills they need to make informed decisions about their digital security.
- An ever-closer public-private partnership between the Australian Government and the cyber security sector, including through co-creation of capabilities, regular feedback mechanisms, two-way secondment schemes, and improved information sharing.
- Legal clarity on permissible unauthorised access to computer systems, both for Active Cyber Defence and for security vulnerability research.
Commenting, Tim Dillon, Market Leader, said:
“The first phase of Australia’s Cyber Security Strategy has brought about many positive changes, from long overdue updates to the SOCI Act and smart device standards to global leadership through the Counter Ransomware Initiative (CRI) and successful law enforcement takedowns. However, against an unstable geopolitical backdrop, the rate, severity and sophistication of cyberattacks and hybrid threats continue to grow. We also see nation states doubling down on developing strategic, sovereign cyber and emerging technology capabilities.
A collective response is required to ensure that Australia has the right capabilities, institutional structures and legal frameworks to stay ahead of emerging threats and create a flourishing digital economy.
We are therefore pleased with Horizon 2’s focus on cyber security as a ‘team sport’. In practice, this must strike the right balance between mandated rules, empowerment initiatives and proactive support – recognising the different needs and resources of organisations across the cyber ecosystem and wider economy.”