AFR Cyber Summit 2023: Ian Blatchford's Opening Remarks

Let us start with a quick look at where Australia finds itself today: Increased digitisation is playing an ever more important role in underpinning our economy and collective agenda to elevate and grow ‘higher value’ economic activity, thereby improving the lives of over 26 million citizens.

Australia has enormous potential, but it is not going to be easy. I’m sure you are all aware of our deteriorating cyber environment. We face an exponential growth in cyber incidents. In the last year, we have seen an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale. According to its latest report, the ACSC (Australian Cyber Security Centre) received over 76,000 cybercrime reports, an increase of 13 per cent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year. And it goes without say that those are just the incidents we are aware of.

These incidents do not discriminate – all organisations, no matter their size and individuals, are at risk. Every incident is often critical and results in systemic risks for our digital society. However, we know the vast majority of cyber-attacks can be avoided through the implementation of common mitigation strategies such as the ACSC’s Essential Eight.’

As a global cyber practice, Deloitte sees several long-term structural tensions playing out, such as:

• The growing monoculture around the technology supply- the concentration of risk is growing.
• The insurance market is hardening and in certain instances withdrawing cover, which presents questions on how we underwrite systemic risk; and  
• Growing geopolitical tension and some reversal of globalisation is leading to more complex federated models for data differing regulatory environments, and new concerns around attacks.

As we are repeatedly seeing around the globe and here in Australia, the interconnected nature of our ecosystem means that one incident can impact many, so this risk is now too big for a single organisation, no matter how big, to navigate in isolation.

This means that as industry leaders, we face one all-important question: How can we manage this risk as a collective in a way that leads to measurable improvement in societal resilience? There are several factors we need to get right.

A national strategy with clear roles and responsibilities is part of the answer. Deloitte welcomes the timely development of the 2023-2030 Australian Cyber Security Strategy and recognise that a whole-of-nation effort is needed to protect Australians and our economy. The Strategy’s aim is to make Australia the most cyber secure nation by 2030, and both government and the private sector have significant roles to play for the nation to achieve this. Deloitte also welcomes the government’s appointment of Air Marshal Darren Goldie as the inaugural Coordinator for Cyber Security, supported by a National Office for Cyber Security, to ensure a centrally coordinated approach to deliver Government’s cyber security responsibilities.

Proactively and sensitively sharing best practices is another part of the answer. As many of you would be aware, Deloitte has been in the front line supporting many organisations with incident response and cyber defence, including on significant major data breaches and cybercriminal activity in the last 12 months. We intimately understand the complexities of large-scale incident response, which include the various responsibilities across government, industry, and the community. My colleague David Owen will talk a bit more about this later today.

Another success factor is recognising and proactively closing the cyber skills gap, including the added complexity of navigating quantum and artificial intelligence. According to the Data Institute, Australia is short 2,300 workers in cyber security, with an expected demand of at least 17,600 additional professionals in the sector by 2026. Last year, Deloitte launched its Cyber Academy to address these national skills shortages in cyber security through a collaborative approach between industry, and vocational and higher education. We are now successfully up and running – with 40% of students being female – and we are looking to increase our intake of 200 students in our second year.

Incentives also play a key role in improving societal resilience. As well as
incident response, we recognise the need to incentivise best practice cyber behaviours, grow our cyber security sector and raising national cyber awareness – this provides Australian businesses and families, and our international partners, with confidence, stability, and security in a dynamic cyber threat environment.

I am sure this will be discussed more today but collaboration is the ultimate key. This takes trust, two-way trust, between all the stakeholders involved. Trust is hard to build and easy to lose. We need to build, and nurture concerted public/private partnerships … and for industry to put cyber security at the core of its business decisions and practices – themes that I am sure we will explore in detail during our keynotes and panel sessions.

Personally, I am passionate about figuring out how we make the Australia’s digital ecosystem stronger, maximising our resilience against attacks on the one hand, and helping organisations respond when they are in crisis on the other.