Tech Council of Australia chief executive Kate Pounder has warned that Australia should not accept growing cyber threats as the cost of doing business online, saying that greater investment in the local cybersecurity industry should be incentivised.
Ms Pounder made the call to action to boost cyber resilience during her first speech to the National Press Club on Wednesday.
Among the four priority areas that would help Australia tackle the “ever-increasing number and severity of cybersecurity incidents”, Ms Pounder said Australia needs a “modernised legal framework fit for the digital age that creates the right incentives for organisations to invest in the appropriate collection, use and protection of data”.
However, in response to a question from InnovationAus.com, Ms Pounder reiterated the Tech Council’s position that this should not include data localisation requirements.
“The Tech Council, which is predominantly Australian companies, doesn’t support data localisation as a default requirement, and we certainly don’t think it’s an answer. It actually often adds resilience if data can be held in multiple locations,” Ms Pounder said.
To illustrate her point, Ms Pounder said ensuring “critical and sensitive data was backed up in locations outside” the Ukraine was one of the first things that needed to be done following its invasion by Russia.
“We think it is obviously important to think about where [data is] held and who it’s held by, but [Australia] has a number of allies, and the answer must no always be Australian, in fact we don’t think it should be,” she said.
“There would be a number of Australian tech companies who would find it very hard to operate globally, given we’re an industry specialising in software, were we to introduce requirements like that.”
Ms Pounder added that there are some sets of data that are appropriately subject to data localisation requirements, such as the My Health Record system, but it shouldn’t apply to “the main portion of data that we have”.
Drawing parallels between a cyber tech capability uplift and “sustained incremental technology and policy improvements” that have reduced road deaths and increased bushfire resilience, she added that “we can make this sort of progress again with a national culture of cyber safety, implemented through a real partnership with industry, government and the community”.
Last December, Home Affairs and Cybersecurity minister Clare O’Neil said “data localisation is going to very much be a feature of the discussion” while developing the federal government’s new cybersecurity strategy.
Ms Pounder also called for the “better use and adoption of technologies, like digital identity and verification, that can help prevent or reduce the damage caused by successful cyber attacks”, “a new national cyber security plan underpinned by effective coordination between the public and private sectors”, and a “strong pipeline of cyber and tech talent”.
In particular, she noted that while LinkedIn data shows an 80 per cent increase in the number of cyber workers in Australia between December 2018 and December 2022, think tank Per Capita argues that we need an additional 8,000 cyber workers now and expects a 30,000 worker shortage in four years.
While Australia can’t compete with the level of private investment of nations like the United States and China, “we can absolutely match their smarts”, Ms Pounder said.
Businesses in the United States spent US$538 billion (AU$778 billion) on R&D in 2020, whereas in Australia only AU$18 billion was spent in financial year 2019-20.
However, Ms Pounder still argued that regulatory changes should be made to incentivise further private sector investment “in new technologies, such as quantum, AI, cyber and biotech” to help drive productivity, which will fight inflation.
“That’s why one of the major recommendations in our recent budget submission was the establishment of an investment allowance to incentivise investment in priority areas of the economy,” she said.
“This allowance would let businesses immediately deduct a share of significant investments in innovative and productive areas. It would cover both tangible and intangible assets.”
Do you know more? Contact James Riley via Email.
Risks seem to multiply as we try to avoid them. The more you look for risks – the more you find. Kate sees “ever-increasing number and severity of cybersecurity incidents”. No amount of money will remove them. This is basic risk management – risks that can’t be avoided must be accepted and mitigated. You can’t make your drive to work 100% safe, but you still drive there. You can’t make your flight to Bali 100% safe but you still take that vacation. Are people who don’t understand “cyber” always afraid? Are they always dreaming of new risks? Maybe. BTW, the Digital Identity meme will improve nothing, other than ubiquitous surveillance. Is that a risk? (Kate studied Politics, International Studies and English – hxxps://au.linkedin.com/in/katepounder).
I am a TCA Member, we were not consulted about this issue at all and when I raised it with Tom and Kate we were just side lined. There seems to be a few members that get to set the TCA position and their is no formal consultative process.