← Back to Blogs

Australia’s Cybersecurity crossroads: Breached, understaffed, and playing catch-up

Ami Hofman · January 7, 2026

What do Optus, Medibank, and Latitude Financial all have in common—aside from landing on the front page after massive breaches? They’re symptoms of a deeper national problem: we’re underprepared, underinvested, and increasingly outpaced in the cyber arms race.

In the past two years, breaches affecting tens of millions of Australians have become routine. According to the ACSC, we now report one cybercrime every 6 minutes.

That’s not a stat—it’s a siren. And yet, half of Aussie SMBs still spend less than $500 a year on cybersecurity. That barely buys a decent lock, let alone digital defence.

Meanwhile, our talent pipeline looks more like a trickle. We have ~200 pen testers in the entire country. That’s two hundred. To secure a digital economy the size of Australia’s, experts say we’d need over 216,000 cyber professionals. That’s nearly 20 times what we have now.

We wouldn’t send two paramedics to cover the whole of Sydney, yet we’re doing the equivalent in cyber.

And let’s talk innovation. Despite having unicorns like Canva and Atlassian in tech, we’ve produced zero billion-dollar cyber companies. Why? Because too often we’re followers, not first movers. We wait for global vendors to “prove it” overseas before we try it here—by then, the game’s already changed.

We’re not short on intelligence. We’re short on urgency. In a threat landscape that evolves faster than a TikTok trend, delay is dangerous.

– It’s time to reframe cyber from a compliance checkbox to a boardroom priority.
– It’s time to stop relying on skilled migrants alone and build serious local capability.
– It’s time to create the conditions where an Aussie cyber unicorn can actually grow.

Because if we don’t shift gears now, we risk becoming not just a target—but a testbed.

Australia’s cyber future doesn’t have to be reactive. But it does need to be bold, local, and relentless.

Are we finally ready to stop playing catch-up?

Can we create an ecosystem to support Australia’s ambitions to become a leading cybersecurity nation ?