Australia finally has a dedicated minister for cyber security. Here’s why her job is so important

Australia finally has a dedicated minister for cyber security. Here's why her job is so important

Lukas Coch/AAP

On Tuesday, Australia’s new Prime Minister Anthony Albanese announced his government’s first full ministry, with Victorian member Clare O’Neil appointed Minister for Home Affairs and Minister for Cyber Security. It’s the first time cyber security has had its own portfolio in the Australian cabinet.

Former Minister for Home Affairs Karen Andrews was in charge of most of the implementation of the previous government’s cyber security policies, and often shared these duties with former Assistant Defence Minister Andrew Hastie. No other government in the G20 has a dedicated minister for cyber security.

Albanese anticipated this move prior to the election. During an address at the Lowy Institute on March 10, he hinted his intent to appoint a dedicated cyber security role. Details on the role are yet to be defined, as is the associated budget.

O’Neil was previously Shadow Minister for Innovation, Technology and the Future of Work. With education in history, law and public policy, and a previous stint in management consulting with McKinsey & Company, she has a multifaceted background.

This puts her in a good position to promote a multidisciplinary approach to cyber security – something that has been called upon for a long time.

Her appointment is expected to strengthen Australia’s commitment to cyber security, which was first systematically set out in the 2016 Cyber Security Strategy, and re-emphasised in the 2020 strategy.

Cyber risk is only increasing

According to the Australian Cyber Security Centre, there had been a nearly 13% increase in cyber crime reports in the 2020-21 financial year, compared to the year prior.

With some 67,500 reports, that’s one incident reported nearly every eight minutes. Self-reported losses totalled more than A$33 billion, with more than a quarter of the incidents associated with critical infrastructure. Year to year, these numbers are on the rise.

See also  AI could threaten some jobs, but it is more likely to become our personal assistant

The growth in cyber security budgets over the past few years has signalled how seriously Australia is taking this. Allocated funds grew from $230 million in 2016, to $1.67 billion in 2020, to $9.9 billion in this year’s budget to implement the REDSPICE program.


Read more:
Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player

This has been accompanied by policy changes. Between December 2021 and April 2022, the previous government strengthened the Security of Critical Infrastructure regime in two phases. In the first phase, it expanded the definition of critical infrastructures from four to 11 sectors.

It introduced positive security obligations, such as mandatory cyber incident reporting by certain entities to the Australian Cyber Security Centre, and expanded the provision of information to the Register of Critical Infrastructure Assets. This register helps the government track ownership of key cyber infrastructure, among other important information.

Beyond this, it included government assistance to industry as a potential last resort in cyber incidents. This opens the possibility for the Secretary of Home Affairs to direct an affected entity to take certain actions in response to an incident.

In the second phase, it introduced enhanced cyber security obligations for the country’s most critical assets, or “systems of national significance” – and made it obligatory for them to have risk management programs.

The new government has yet to indicate whether new cyber security policies will be promoted, or existing ones modified. However, before his election Albanese emphasised the importance of strengthening cyber resilience, as a complement to the offensive cyber measures introduced in the previous government’s REDSPICE program.

See also  Exploding pagers and walkie-talkies are a reminder of how easily your devices can be hacked – here’s how to make sure they are safe

A trailblazing move for the sector

The appointment of O’Neil as a dedicated Minister for Cyber Security sends two important signals.

First, it demonstrates cyber security has become an important matter for politicians and business leaders alike, not just for IT departments. It also has the potential to strengthen Australia’s position in the Asia-Pacific cyber context, and in response to possible threats from the Ukraine war.


Read more:
As Russia wages cyber war against Ukraine, here’s how Australia (and the rest of the world) could suffer collateral damage

Second, in line with Albanese’s efforts to increase gender balance in the cabinet, the newly appointed minister is a woman. This is a powerful signal in the cyber security world.

As of 2018, the percentage of women cyber professionals in Australia was 25%. This is higher than most countries, but still far from balanced.

There are several reasons for women’s under-representation in the cyber space. They include a 24/7 “always on” work culture, gender-based discrimination, stereotype biases, wage inequality, issues with perceived self-efficacy, and a lack of women role models.

However, recent initiatives have been taken to break the barriers. We’ve seen more dedicated university scholarships, industry mentorship programs, flexible work arrangements and “positive discrimination” (such as hiring to fill quotas). Although views on the latter remain controversial.

Regardless, the appointment of a woman to a top cyber security position could certainly go some way towards empowering other women in the space, and those wanting to join. This will hold particularly true if O’Neil decides to address Australia’s gender gap in cyber talent.

See also  People think they should talk less to be liked, but new research suggests you should speak up in conversations with strangers

Recent forecasts show the country will need nearly 17,000 more cyber security professionals by 2026.

The Conversation

Ivano Bongiovanni does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.