The BGA Australia Team, led by Managing Director Michael “Mick” McNeill, wrote an update to clients on the Australian government’s 2023-2030 Australian Cyber Security Strategy.


  • The Australian government’s long-awaited 2023-2030 Australian Cyber Security Strategy seeks leadership and collaboration from government and companies as the country responds to growing threats associated with emerging technologies. Cybersecurity Minister Claire O’Neil said, “Cybersecurity requires government and big business to lead. From today, we are shifting more of the cyber risk to those who are most capable.”
  • Canberra believes establishing the right cybersecurity foundations will help Australia seize new opportunities from the digital economy and become a global leader in cyber technologies. An action plan outlines the first phase of initiatives, which will address critical gaps through partnerships across industry and government.


  • As the cybersecurity minister foreshadowed in September, the strategy will build six “cyber shields”: strong citizens and business, safe technology, world-class threat sharing and blocking, protecting critical infrastructure, sovereign capabilities and building a resilient region. The strategy includes a US$186 million package supporting small and medium businesses, US$92 million to strengthen critical infrastructure and enhance government cybersecurity, US$83 million for regional and global cyber resilience and US$6 million to build a threat-sharing platform across the health sector.
  • An Executive Cyber Council will be established as a coalition of government and industry leaders to improve sharing of threat information across the whole economy. The government will also work with industry to pilot next-generation threat-blocking capabilities across Australian networks by establishing a National Cyber Intel Partnership.


  • The government is allocating US$375 million until 2030 on top of its commitment to fund US$1.5 billion of related initiatives of the Australian Signals Directorate. O’Neil said, “the decade of sleepwalking on cyber ends with our government,” and her counterpart in the shadow government, James Paterson, said there “is nothing radical or revolutionary in the strategy.”
  • The plan offers clear cyber guidance for businesses by providing industry with additional information on cyber governance obligations under Australia’s current regulations. It co-designs options to establish a Cyber Incident Review Board to conduct no-fault incident reviews.The government will work with industry to break the ransomware business model by co-designing options for a mandatory no-fault, no-liability ransomware reporting obligation for businesses to report ransomware incidents and payment. A ransomware playbook will be developed to provide guidance to businesses.

We will continue to keep you updated on developments in Australia as they occur. If you have any questions or comments, please contact BGA Australia Managing Director Michael “Mick” McNeill at

Best regards,

BGA Australia Team