Reading time: 4 minutes
Late last week, the Federal Government unveiled the widely anticipated Australian Cyber Security 2020 strategy. The strategy replaces the 2016 strategy1 and comes on the back of an increase in state and non-state cyberattacks on all levels of Australian government and Australian businesses. It highlights the importance of taking a fresh approach to cybersecurity, given an increased reliance now, and in the future, on the digital economy and interactivity online, brought on by the COVID-19 pandemic2.
The new strategy underscores the ongoing importance of cybersecurity and highlights the growth potential that the sector offers investors.
The strategy will see a total of $1.67 billion invested over ten years in a number of private and public sector initiatives aimed at improving and updating regulation, government and business response to cyber-attacks, and protecting and improving critical infrastructure.
In previous posts covering cybersecurity and our Global Cybersecurity ETF (ASX: HACK), we focused on the increased spending in cybersecurity, with specific attention given to cybersecurity’s pertinent link with Covid-19 and recent high-profile examples of cyber-attacks on Australian businesses. While these themes remain prominent in the Cyber Security Strategy 2020, the focus shifts to another key area of cyber-defence – government regulation and business responsibility for cybersecurity attacks.
The new plan focuses on government support, yet importantly it also centres on business and communities taking responsibility for their online products, services, and overall connectivity, as outlined in the image below.
Roles and responsibilities in cybersecurity
Source: Australian Cyber Security Strategy 2020
Government regulation and accountability
While the new strategy involves increased spending across the private and public sectors, there is a focus on “the Australian Government developing an enhanced regulatory framework for critical infrastructure and systems of national significance”3. This improved framework will be delivered through amendments to the Security of Critical Infrastructure Act 2018 and will “introduce obligations for the owners of (Australia’s) critical infrastructure assets.”
This is by no means a new theme, with major data, software and cybersecurity provider Splunk (which has a 6% weighting in HACK ETF4) noting in May 2020 that governments across the globe are implementing new mandatory cybersecurity requirements for critical infrastructure businesses5.
It can therefore be expected that spending in cybersecurity will increase not only because of traditional reactions to cyber-attacks and increased government spending, but also because businesses will have to adopt new cybersecurity measures to become ‘cyber-compliant.’ This in many ways creates a structural growth underpinning to an already high-growth sector.
The Australian Cyber Security 2020 strategy emphasises organisations taking responsibility for their own cybersecurity. The government will look to support businesses in this endeavour through the creation of a more secure Internet of Things (IOT)6, the creation of a more cyber-skilled workforce and immediate threat-blocking capabilities7.
This is consistent with cybersecurity measures that are being implemented globally. The NIS Directive, as formulated by the European Union in July 2016, produced legal and regulatory measures for member states and specific businesses to take responsibility for their own cybersecurity8. Further, it noted that key digital services providers (which could come to cover IoT9) will have to comply with security and notification requirements under the new directive.
At a business level, spending on IoT cybersecurity measures is set to hit $6 billion globally by 2023, according to a report by Juniper Research10. Additionally, cybersecurity firm Verodin (now part of FireEye which has a 3% weighting in the HACK ETF11) noted that it expects an increase in spending by businesses on IoT and greater usage of skilled cyber-security firms in their CyberSecurity 2020 Report.
These examples show how the Australian Government is adopting cybersecurity measures that are expected to boost the size of the cybersecurity industry in Australia, and which are in line with the sector’s global trends.
Investing in cybersecurity
Investors can access the potential for global growth in cybersecurity through the BetaShares Global Cybersecurity ETF (ASX: HACK), which provides diversified, cost-effective exposure to global cybersecurity companies. Many of the companies within HACK’s portfolio are at the forefront of providing cybersecurity services to both the public and private sectors and are well-placed to benefit as businesses around the world not only take action to become cyber-compliant, but also seek ways to better protect customer data.
HACK has returned 17.4% over the 12 months to 31 July 2020, and 19.5% p.a. from inception in August 2016 to 31 July 202012.
Investment risks in relation to HACK include market risk, cybersecurity companies risk, concentration risk and currency risk. For more information on risks and other features of HACK, please see the Product Disclosure Statement, available at www.betashares.com.au.
2. https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf, Page 10.
3. https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf, Page 29.
4. Source: www.betashares.com.au, as at 10 August 2020.
6. The Internet of Things or IOT, as explained in the following article; A simple explanation of the internet of things, “refers to the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other).”
7. https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf. page 42.
11. Source: www.betashares.com.au, as at 10 August 2020.
12. Past performance is not indicative of future performance.