Building a Competitive Australian Industry

Building a Competitive Australian Industry

by acsgn_admin

While there is great potential for Australia to grow and succeed in the focus segments and the wider cyber security industry, the challenges are not insignificant and need to be properly addressed. Given the urgency of this opportunity and the eagerness of many other countries to also seize this moment in cyber security, that needs to happen fast. The Australian Government has already announced in its Cyber Security Strategy various measures that will help the Australian cyber security industry flourish, and many are already beginning to be implemented.

Based on the focus segments and the challenges, Australia should pursue three goals in order to develop a highly capable and globally competitive cyber security industry. Exhibit 38 explains these goals and the strategies that sit within them.

Exhibit 38:

4.1 Grow an Australian cyber security ecosystem

Australia’s cyber security industry lacks the strong domestic ecosystem to compete effectively on a global scale. The local network of specialist firms, researchers, government bodies and training institutions that make up Australia’s cyber security industry remains fragmented and underdeveloped, especially in software. This makes it difficult for Australia to fully harness the tremendous economic opportunity arising from the expected surge in demand for cyber security. If Australia wants to become a global market leader in cyber security and serve a substantial share of additional security demand over the next decade, it needs a stronger, more coherent cyber security ecosystem.

To achieve this, Australia will need to create more innovative cyber security startups and help them grow into mature, market-ready and internationally competitive businesses that can cater for the domestic market as well as global value chains. Strengthening the cyber security ecosystem also means inspiring a greater collaboration between firms, researchers, government, investors, education providers, and other stakeholders involved.

Help cyber startups find their first customers

Anchor customers, typically large industry players or government departments, add value to any startup. But for cyber security startups, which rely heavily on trust to gain access to high-risk business areas, anchor customers are one of the most critical ingredients for success as they help establish market legitimacy.

Assisting cyber security startups in their search for customers can help strengthen the competitiveness of the local industry. This is because anchor customers often challenge an emerging firm to sharpen its profile and refine its offering to be better aligned with global market needs, which increases business prospects.

Existing measures

The Australian government’s National Innovation and Science Agenda comprises a suite of initiatives that back startups and entrepreneurs and their ability to generate economic growth and new jobs.

The program includes a Business Research and Innovation Initiative, which provides funding for entrepreneurs to create new products and innovations that meet defined government needs, while retaining their intellectual property and the right to commercialise the ideas in Australia or overseas.

In addition, the agenda vows to create more opportunities for startups to do business with government through the Digital Marketplace, an online platform connecting government agencies with firms offering digital services. The Marketplace has just opened for cyber security firms, which can now join other companies in competing for a share of the government’s A$5 billion-a-year budget on external information and communication technology services.

Various initiatives by Australian states and territories support the national efforts to improve the collaboration between government agencies and cyber security firms. For example, the government of New South Wales announced in its latest NSW Government ICT Strategy that it will try to use smarter procurement processes when engaging with firms—from startups to global businesses—to grow the local digital economy.

The Australian Government is also actively promoting the ingenuity of Australian cyber security firms abroad as part of its Landing Pads program, which aims at enabling startups to “rapidly fine-tune their pitch, commercialise their offering, identify partners, customers and investors, and access global markets”.  A recent example includes a mission to San Francisco, where a delegation of senior Australian government officials and cyber security firms met with key US industry players and cyber security experts to explore business opportunities.

Actions

Improve research focus and collaboration to assist commercialisation

Australia is home to several world-class universities and research institutions that are on the leading edge of cyber security innovation. Yet a diffuse funding system and weak links between academics and business limit the effectiveness of Australia’s research capabilities.

The scattered approach to public R&D funding for cyber security in Australia should be replaced with a more targeted funding strategy that focuses on cultivating a select number of national hubs for research excellence. A limited and specific set of research areas would also help focus the efforts of Australia cyber security researchers and institutions, and guide the allocation of funding to research by government agencies. ACSGN has developed Knowledge Priorities for cyber security in consultation with industry and researchers, located in Appendix A. The knowledge priorities will be used to set out industry research needs and commercialisation opportunities for Australia’s cyber security sector, as well as inform the activities of ACSGN as it works with stakeholders across the economy to improve the sector’s research focus, collaboration and commercialisation outcomes. These will be refined over time through further engagement and an evaluation of areas of existing research capability in Australia.

Further, Australia should work to improve opportunities for research collaborations between industry and universities. A stronger innovation partnership is needed to fully harness the commercial possibilities of cutting-edge research.

Existing measures

The Australian government has already begun to strengthen the capabilities of Data61, which plays an important role in facilitating the collaboration between researchers and industry (see Box 7). Plans outlined in Australia’s Cyber Security Strategy include the launch of a cyber-specific PhD scholarship program at the national science organisation CSIRO, which will allow students to work alongside Australia’s leading data scientists at the interface between academia and the business world.

There is also an existing proposal to pursue a scaled research program as well as consideration for the launch of a Cyber Security Innovation Lab that would bring together startups, researchers, entrepreneurs, multinational corporations and government officials to create and commercialise new ideas in cyber security.

Actions

Make access to seed and early-stage venture capital easier

Australian cyber security firms face larger obstacles than some of their global peers when trying to access early-stage venture and seed capital. It is crucial for Australia to remove these funding hurdles and help startups commercialise novel products and innovative services that will differentiate them from foreign rivals. A more favourable funding environment, including the system of incubators and accelerators, will enable Australian cyber security startups to become global market leaders.

Existing measures

The Australian government already provides access to expert guidance and grants to help businesses commercialise their novel products, processes and services. The initiative, known as Accelerating Commercialisation”, is part of the Entrepreneurs’ Programme.

Further support for the commercialisation of early-stage innovation in Australia comes from a new program that is jointly funded by the national science agency CSIRO, the Australian government and private-sector companies. The “CSIRO Innovation Fund”, launched in December 2016 and endowed with A$200 million, will invest in startups, spin-off companies and existing small firms to help Australia’s home-grown innovations become successful businesses.

The national Incubator Support initiative provides targeted funding to improve the prospects of Australian startups achieving commercial success in international markets. The initiative supports entrepreneurial activity and contributes to the development of Australia’s innovation ecosystem. 

Last year, the Australian government also increased the incentive for investors to fund innovative companies at the early and growth stages of a startup. From 1 July 2016, anyone investing in Early Stage Venture Capital Limited Partnerships will enjoy additional tax offsets, a move designed to attract greater levels of international venture capital into Australia’s most innovative industries. The government also has the Venture Capital Limited Partnerships programme, which aims to stimulate Australia’s venture capital sector by attracting foreign investors and is also open to domestic investors.  

Actions

Make access to seed and early-stage venture capital easier

Australian cyber security firms face larger obstacles than some of their global peers when trying to access early-stage venture and seed capital. It is crucial for Australia to remove these funding hurdles and help startups commercialise novel products and innovative services that will differentiate them from foreign rivals. A more favourable funding environment, including the system of incubators and accelerators, will enable Australian cyber security startups to become global market leaders.

Existing measures

The Australian government already provides access to expert guidance and grants to help businesses commercialise their novel products, processes and services. The initiative, known as Accelerating Commercialisation”, is part of the Entrepreneurs’ Programme.

Further support for the commercialisation of early-stage innovation in Australia comes from a new program that is jointly funded by the national science agency CSIRO, the Australian government and private-sector companies. The “CSIRO Innovation Fund”, launched in December 2016 and endowed with A$200 million, will invest in startups, spin-off companies and existing small firms to help Australia’s home-grown innovations become successful businesses.

The national Incubator Support initiative provides targeted funding to improve the prospects of Australian startups achieving commercial success in international markets. The initiative supports entrepreneurial activity and contributes to the development of Australia’s innovation ecosystem. 

Last year, the Australian government also increased the incentive for investors to fund innovative companies at the early and growth stages of a startup. From 1 July 2016, anyone investing in Early Stage Venture Capital Limited Partnerships will enjoy additional tax offsets, a move designed to attract greater levels of international venture capital into Australia’s most innovative industries. The government also has the Venture Capital Limited Partnerships programme, which aims to stimulate Australia’s venture capital sector by attracting foreign investors and is also open to domestic investors.  

Actions

Simplify government and private sector procurement processes

Many large companies and government agencies—both state and Federal—are bound by strict procurement guidelines, designed to ensure reliable performance of contractors and protect the integrity of their networks. But the complexity and cost of these requirements pose a barrier for smaller and newly established firms, which are often defeated by larger rivals with more experience, reputation and resources.

While strict compliance and procurement rules are necessary to protect high-risk business areas, more can be done to ensure a greater participation of startups and other small firms in the provision of cyber security products and services to government and big corporates.

Existing measures

The Australian government has begun to remove market entry hurdles for small firms through its “Digital Marketplace“, an online platform for buyers and sellers of various ICT products and services. Recent changes aim to make it easier for small cyber security firms to work with government agencies.

Actions

4.2 Export Australia’s cyber security to the world

Mounting cyber threats will propel future demand for effective security solutions across Australia and unlock new business opportunities for security providers. Yet the limited size of the local market demands that cyber security firms develop and maintain a strong export focus. If Australia wants to become a leading cyber security provider in the Asia-Pacific region, local firms will need to improve export capabilities. Australia should also investigate ways to become a more attractive base for cyber security exports of multinational corporations.

Many local cyber security firms still lack the scale to effectively compete in markets outside Australia and contribute to global value chains. This is particularly evident for cyber security services firms, which appear to face greater difficulties than hardware and software providers to venture abroad and establish an international market presence. In light of existing country-specific strengths (trade data indicate that Australia is already ‘punching above its weight’ and earns a relatively higher revenue with services than its peers), boosting the export capabilities of local cyber security services firms would deliver particularly strong economic gains.

Support Australian firms to develop more scalable business models

The key obstacle for many Australian cyber security firms, especially in services, is a lack of scalability in their business models. This means that they cannot easily grow in order to capture opportunities, and export relies on expanding their workforce offshore in ways that are often too difficult. Working with Australian cyber security firms to improve the scalability of their businesses will be critical to export growth.

Existing measures

Cyber security firms wishing to expand into international markets can apply for financial assistance through the Australian government’s Export Market Development Grants scheme. The scheme is designed to help small and medium-sized Australian businesses to develop export markets and promote their offerings abroad.

The Australian Trade and Investment Commission (Austrade), the government’s key trade promotion agency, also provides tailored business services to encourage Australian firms to become exporters. These services include help with understanding export markets, competitors, potential customers and available financial assistance.

Australian state and territory governments offer additional assistance or funding to companies seeking help to start exporting.

Actions

Develop cyber security as an educational export

In recent years, education has become one of Australia’s largest export earners, rivalling the country’s top resources exports. This trade success is a testament to Australia’s strong reputation and infrastructure in international education and training, and signals a powerful opportunity for cyber security service providers.

Australia has the potential to become the leading regional, if not global, provider of cyber security education and training. However, realising this potential requires a new focus on growing our cyber security education and training institutions into dynamic, enterprising and export-oriented players.

Existing measures

Austrade has already established a brand—Future Unlimited—for promoting Australian education internationally. Future Unlimited reassures students, and their parents, that their investment in an Australian education will be returned in the form of better career and life opportunities; it implies global career options; and reflects the idea of pathways and internationally recognised qualifications and skills. The current branding strategy does not reference cyber security, however.

The Australian Government, in its Cyber Security Strategy, has also pledged to “build cyber capacity in the Indo-Pacific region and globally, including through public-private partnerships”.

Actions

Attract MNCs to use Australia as an export base for the region

Most of Australia’s cyber security needs are currently met by big multinational corporations (MNCs). They play an important role, not just as security providers, but also as employers. Yet interviews indicate that foreign cyber security providers use their Australian operations almost exclusively to service the local market.

Australia could capitalise further on the presence of multinational corporations by encouraging them to make better use of the country’s proximity to Asia and its potential to serve as a regional export base. Many foreign companies are already attracted to Australia because of its stable political environment, favourable business climate, and its diverse and well-educated workforce.

A range of incentives could be used to encourage multinational cyber security companies to broaden their local operations and ship a larger share of exports from Australia. Multinationals could significantly boost Australia’s export capabilities in cyber security, particularly in services, where local firms are generally most challenged to rapidly improve their export-readiness. Multinational companies, in contrast, already have the necessary scalability that allows them to more easily expand into global markets.

Existing measures

All state and territory governments already offer a range of programs and investment promotion packages to attract foreign investors and businesses. The Australian Government also provides grants and other funding to businesses that need help to start exporting.

Actions

4.3 Make Australia the leading centre for cyber security education

Cyber security firms worldwide are struggling to expand their businesses, as they can’t find enough skilled workers to satisfy the burgeoning demand for security products and services. There are signs, however, that the talent drought affecting cyber security firms in Australia is among the most acute globally. The number of job-ready candidates that Australia’s education system produces is inadequate to meet current industry demand, and while universities have begun to launch new study courses, they won’t generate the graduate volume needed to keep pace with the industry’s rapid expansion.

This skills shortage needs to be addressed quickly. It is already hindering the growth of the Australian cyber security industry. This problem will only magnify in the future as more cyber security providers edge into the market, drawn by the prospect of servicing the growing global security demand. Without a strong education and training system that provides cyber security firms with a robust pipeline of employable graduates, Australia will struggle to grow its cyber security ecosystem and become a leading exporter of cyber security. This makes resolving the skills challenge an economic imperative—it lays the groundwork for any other strategy to advance the competitiveness of Australia’s cyber security industry.

The responsibility doesn’t lie solely with universities and other higher-education providers, but also with vocational training organisations and industry itself. Australian firms need to offer more, and better, opportunities for ‘on-the-job’ training of cyber security graduates. Meanwhile, more programs are needed that help equip professionals from various backgrounds with cyber security relevant skills, so they can transition into the industry.

Attract the best and brightest to cyber security

Because cyber security is a nascent industry, many education providers have only recently begun to include relevant courses in their curricula. While universities and vocational training organisations are increasingly promoting cyber security as an attractive career path, many students are not yet fully aware of the strong job opportunities for cyber security professionals.

In addition to promoting science, technology, engineering and mathematics (STEM), high schools could play a bigger role in nurturing an early interest in cyber security and preparing students for a career in this dynamic, fast-growing industry. There is also scope to better align Australia’s immigration system with the strong demand for cyber security workers to make Australia more attractive as a workplace for international cyber security professionals.

Existing measures

LifeJourney, a US-based online education company with offices in Melbourne, has developed an internet platform to inspire students to pursue STEM careers. The initiative, Day of STEM, aims at promoting cyber security to high school students and is supported by a range of large technology companies and universities, including La Trobe University, Telstra, Westpac and Cisco Systems.

The Australian government has committed in its latest Cyber Security Strategy to “continue to raise awareness in schools of the core skills needed for a career in cyber security”.

Actions

Ramp up cyber security education and training

Australia’s education system is struggling to produce enough cyber security graduates to meet the current and future workforce demand. Labour market projections suggest that the total volume of Australian graduates that will emerge in coming years is insufficient to resolve the cyber security industry’s skills shortage—even when accounting for several newly launched cyber security study courses at leading local universities. This means the output of cyber security education and training programs needs to be substantially increased to ensure Australia’s cyber security industry can realise its full growth potential.

Businesses and education and training institutions should continue to look for ways to work together to tackle the skills shortage and provide more opportunities for targeted cyber security training. Several high-profile partnerships between industry and training institutions, for example between Optus and Macquarie University or between Commonwealth Bank of Australia and the UNSW, have emerged in recent years (see Box 11). They can serve as a blueprint for further collaborations to increase Australia’s pool of cyber security workers with industry-relevant skills.

Existing measures

In its Cyber Security Strategy, the Australian government has acknowledged that developing highly-skilled cyber security professionals is an urgent need and announced the establishment of “academic centres of excellence” to enhance the quality of cyber security courses, teachers and professionals in Australia. The objective of these centres of cyber security excellence is also to “help inspire students to think about careers in cyber security and study STEM subjects at school”.

Actions

Create vibrant, industry-led professional development pathways

The talent shortage in cyber security is exacerbated by employers’ concern that graduates from university programs are not “job-ready”. Opportunities to transition workers from other adjacent parts of the IT sector are also being missed.

Offering visible and attractive pathways for the professional development of cyber security workers would be an important step towards addressing both these issues. This means creating clearer training options for general IT workers who are interested in specialising in cyber security, and improving opportunities for on-the-job training, including graduate programs, which are currently limited to larger Australian firms.

Existing measures

The Australian government has committed A$1.9 million over the next four years through June 2020 “to address the nation’s critical shortage of skilled cyber security professionals”. The money will be used to create Academic Centres of Cyber Security Excellence (ACCSE) in several Australian universities. Key tasks of these new ACCSE are to encourage more young people to study cyber security and to increase the number of post-graduates with job-ready cyber security skills.

A number of larger businesses, including Optus and Commonwealth Bank of Australia, have signed partnership agreements with Australian universities at the forefront of cyber security research to co-design and deliver courses, including short courses that could be part of transition pathways.

Actions

4.4 Summary of strategies and actions

Captured below is a summary of the actions and recommendations identified above. For those identified for action/exploration by ACSGN, it will develop delivery mechanisms as it continues to evolve its program of work to grow Australia’s cyber security industry and mature Australia’s cyber security ecosystem. Recommendations identified for Australian governments are described for exploration and consideration, in partnership with the private sector and research community where possible and relevant to do so.

Grow an Australian cyber security ecosystem: