We are proud to have contributed to the Department of Home Affairs’ consultation on Horizon 2 of the 2023–2030 Australian Cyber Security Strategy.
Launched in November 2023, the Strategy lays out a national plan to strengthen Australia’s cyber resilience. It progresses through three phases (Horizons 1, 2 and 3), moving from laying foundations in Horizon 1 to scaling efforts in Horizons 2 and 3.
With Horizon 1 now complete, the Government has released a new discussion paper (Charting New Horizons: Developing Horizon 2 of the 2023–2030 Australian Cyber Security Strategy) inviting submissions on the priorities and outcomes for the next phase. A big focus is on identifying opportunities to leverage existing channels for providing support to the small business and not-for-profit community, recognising the need to intervene at an aggregate level to raise the baseline in an efficient way.
Drawing on 15+ years of frontline experience managing cyber incidents (and supporting the SME and NFP sectors), we crafted our submission with insights from across the cyber security and insurance industry, including brokers, insurers, and risk advisors. We provided a unique and practical perspective on how Horizon 2 should focus on leveraging the cyber insurance market to achieve whole-of-economy benefits.
Our recommendations aim to amplify resilience efforts across the economy, including:
- Partnering with the cyber insurance industry to leverage its whole-of-market reach. The insurance industry already acts as a trusted advisor to almost all organisations, through insurance brokers. We recommended that the Government establish a Cyber Insurance Working Group to help amplify vital messages and help organisations gain access to key resources that the Government develops to drive down cybercrime. We highlighted that failing to use the insurance market as a channel for alignment on resilience initiatives is a lost opportunity.
- Promoting or mandating cyber insurance for high-risk sectors and small businesses, including through government contracting mechanisms. Despite making up most Australian businesses, small businesses remain disproportionately exposed to cybercrime due to limited budgets, expertise, and access to proactive and response services. Insurance penetration among SMEs ranges between an estimated 5-25% (contrasted against a 70% take-up amongst the ASX200), and many small businesses only realise the need for cyber insurance (and the support that goes with it) after an incident has occurred. By mandating or promoting cyber insurance, the Government has a unique opportunity to raise the baseline resilience of organisations across the economy and arm them with the tools required to manage cyber incidents effectively.
- Establishing information-sharing forums with industry to unlock de-identified incident insights and support targeted interventions. To highlight the potential of this recommendation, our submission also included our latest industry insights and threat intelligence data, as an example of information sharing in practice to support Government policy development and focus efforts where they are needed most.
 
Building on the strong foundations established under Horizon 1, we look forward to seeing the next development of the Australian Cyber Security Strategy and the real opportunity it provides to scale public-private partnerships.
Thanks to those who supported us in pulling it together.
If you would like a copy of our submissions, please contact us.