The 2024 federal budget has included major funding outlays for public sector cyber security and the ongoing war against scams, but a lack of focus on uplifting cyber security in the private sector has drawn the ire of some in the industry.
Treasurer Jim Chalmers handed down the federal budget in Canberra on Tuesday night.
The major new funding announcement for cyber security is $206.4 million over four years, along with $7.2 million in ongoing cash, for the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investment Commission (ASIC) to improve data capability and cyber security.
This funding will assist with the stabilisation of business registers and modernisation of legacy systems.
APAC CEO of cloud software firm Pax8, Chris Sharp, criticised a lack of focus on cyber security in general from the Treasurer.
“There was a pretty significant word missing from the federal government’s budget speech: cyber,” Sharp said.
“The oversight to communicate, let alone significant invest in, Australia’s cyber defence sleepwalks over the financial challenges of our small to medium businesses…they need a government that consistently recognises the cyber crisis and dedicates resources which get them started on becoming government-compliant, fighting increasing cyber insurance premium costs and protecting their critical infrastructure.”
The budget also allocated $11 million to transform the existing Credential Protection Register into a mobile app that will notify users when their credentials are misused in real time.
This is on top of the $3.3 million provided for the register in last year’s MYEFO update.
It was announced earlier this week that the budget would include $288 million for the government’s digital identity scheme.
According to Proofpoint senior director Adrian Covich, these programs are “key in helping individuals to feel more in control of their data and ensure more accurate reporting on cyber incidents”.
“There is no doubt these measures together will reduce the overall threat risk,” Covich said.
“Credentials are one of the top targets for cyber criminals and their theft can cause substantial damages for both individuals and organisations.
“Minimising both how often personal data is shared and the number of people it is shared with is the easiest way to reduce the risk of it falling into the wrong hands or being leaked accidentally.”
BeyondTrust director of solutions engineering for Asia-Pacific Scott Hesford said the budget funding was welcomed.
“While it is unclear how the additional funding will be invested, it is important to help the sector uplift its cyber resiliency,” Hesford said.
“In particular, the way that third-party suppliers interact with key systems and data of financial services organisations needs greater security to limit the blast radius and paths to privilege should those suppliers get breached.”
More money to take on scams
The 2024 budget also included significant funding for the federal government’s war against scams.
This includes $67.5 million over four years and $8.6 million in ongoing funding for the development of mandatory industry codes under a Scams Code Framework, and increased use of the eInvoicing network.
This package includes $37.3 million for mandatory codes enforcement, $23.3 million to the tax office for eInvoicing, $6.3 million for a public awareness campaign about scams and $1.6 million for the development of legislation for the overarching scam codes framework.
On top of this, $187 million will go towards the Australian Taxation Office to improve its ability to detect, prevent and mitigate fraud against the tax and superannuation systems, including $78.7 million for upgrades to information and communications technologies.
A Technology Foreign Interference Taskforce, led by Home Affairs, has been stumped up in the federal budget with $4.2 million in funding over four years, and $900,000 ongoing.
This taskforce will work with the local tech sector to “protect sensitive and proprietary information from espionage, sabotage and foreign interference”.