Cyber Security's Role in Australia’s Digital Economy
Oxford Economics Australia supplied the economic figures for AustCyber's Australian Cyber Security Sector Competitiveness Plan.
Project background
Australia, as most countries around the globe, has had to deal with increasing costs of cybercrime. Largely fueled by the rise in online transactions due to the COVID-19 pandemic, cyber attacks reached a global peak in 2021.[1] However, the costs associated with them have continued to rise, reaching a staggering US $8.15 trillion globally in 2023.[2] To support its planning and to better understand the development of the cyber security sector in Australia, AustCyber commissioned Oxford Economics Australia to determine the current size of the cyber security sector in Australia, to determine possible future trends for inclusion in its sixth edition of Australia’s Cyber Security Sector Competitiveness Plan.
The challenge
The cyber security sector has experienced rapid growth over the past few years, however, there is still limited reporting around it. Providing accurate insights is not an easy task, given the very specific skill set required to be considered a cyber security specialist. For example, it’s easy to mischaracterise general ICT workers as cyber security workers, which could potentially lead to incorrect estimates of the sector’s gross value added (GVA) or jobs. This could then have the effect of misinforming key stakeholders, such as state governments, who cannot effectively implement policy to address the sector’s needs. For a sector as crucial as cyber security, this could have detrimental effects. Other issues around the sector worth addressing include job concentration in different cities and states, gender disparity and accurate forecasting.
Approach and solution
Using the most granular data available of the Australian and New Zealand Standard Classification of Occupations (ANZSCO) from the 2021 census, we were able to estimate the proportion of ICT workers that were dedicated specifically to cyber security tasks (we call these ‘core’ cyber security workers). By applying this proportion to Labour Force Survey data published by the Australian Bureau of Statistics (ABS), we were then able to calculate an accurate time-series of employment in the core cyber security sector across both state and gender.
After we obtained a time-series of employment in the cyber-security sector, we used wage data from AUCyberExplorer and ABS’ Australian industry data to estimate the industry’s gross value added (GVA). We then forecasted both employment and GVA to FY 2030.
The results
We found that Australia’s cyber security sector currently employs 24,454 core roles, defined as those requiring deep technical expertise, with salaries averaging $119,694 AUD in the public sector and $124,331 AUD in the private sector. The GVA of the sector to the Australian economy was estimated to be approximately $3.9 billion AUD. In terms of geographical distribution, we found that 30% of Australian cyber security specialists are based in NSW and 25% are based in Victoria. It must be noted that NSW has the highest proportion of GVA generated by female cyber security specialists, who generated 36% of the state’s GVA in FY 2023.
Following a seasonal model with a trend component, we forecast the sector will require around 33,000 positions requiring specialist skills in December 2030, at the national level. In terms of GVA, we expect the sector will contribute $5.2 billion AUD to the Australian economy in FY 2030, if growth follows a similar pattern as it has historically.
[1] “Australia’s Cyber Security Sector Competitiveness Plan 2023”, AustCyber, accessed 07 May, 2024, p. 7, https://www.austcyber.com/resource/australias-cyber-security-sector-competitiveness-plan-2023.
[2] Ibid.
