Australian Federal Government’s 2024–25 Budget

How the federal budget will impact data protection and the cyber security sector.

As we reflect on the outcomes of the 2024–25 Federal Budget, it is imperative to assess the Australian Government’s commitment to bolstering Australia’s cyber resilience and data protection for business, government and its’ citizens. Understanding that cyber risks are widespread, initiatives solely focused on cyber security may not encompass the entirety of required investments. Privacy reforms and regulatory enhancements are integral in addressing cyber risks alongside targeted funding for cyber coordination and anti-scam measures.

The 2024–25 budget papers reveal allocations towards key areas:

  • $206 million — To Improving Cyber Security of Regulators and Registers
  • $288.1 million — To Expanding Australia’s Digital ID System
  • $472 million — Investment in Quantum Computing

 

Brief overview of the 2024–25 Budget’s key ‘data protection’ and ‘cyber-related’ initiatives and associated funding

Expanding Australia’s Digital ID System

$288.1 million over four years for the implementation of its Digital ID scheme, which aims to minimise personal information held by businesses, addressing concerns heightened by recent data breaches. Passed by the Senate in March, the initiative will gradually roll out, with initial users including Australia Post, banks, and credit card operators. Accredited private businesses can join within two years of rollout, as confirmed by Finance Minister Katy Gallagher. Spearheaded by the Australian Taxation Office (ATO), $156 million will enhance the myGovID platform for secure government service access, with a renaming to myID to prevent confusion. Additional funding of $23.4 million will reinforce encryption on both platforms. Essential agencies like the Australian Treasury and the Australian Security Intelligence Organisation will establish data standards and conduct security assessments. Services Australia will manage the scheme, upgrading its identity exchange for secure transactions. Regulatory oversight will involve entities such as the Australian Information Commissioner and the Department of Finance. Furthermore, $11 million will support the development of a smartphone app to alert citizens of identity theft attempts following the 2022 Optus data breach.

Future Made in Australia Plan

$472 million investment in PsiQuantum: The Federal government will partner with the Queensland state government to invest $940 million in PsiQuantum, a US-based quantum computing startup, to build its headquarters in Brisbane. It is a major bet on the enterprise and Australia’s ability to serve as a home base for global quantum computing innovation. “We want to make more things here and quantum computing will give us the technological muscle to do that,” Minister for Industry and Science Ed Husic said in a statement.

Instant asset write-off (extended)

The $20,000 instant asset write-off scheme will be extended to June 2025. Note: the legislation surrounding the extension hasn’t passed parliament.

Australian Sports Foundation

$8.0 million over three years from 2024–25 to support the Australian Sports Foundation to complete technology upgrades, including enhancement of cyber security for the fundraising platform.

Department of Parliamentary Services

$12.8 million over four years from 2024–25 (and $2.3 million per year ongoing) to the Department of Parliamentary Services to enhance information technology to support business productivity and cyber security.

Cyber Security Improvements for NDIS

$160.7 million over four years from 2024–25 (and $24.6 million per year ongoing) to upgrade the NDIS Quality and Safeguards Commission’s information technology systems, to better protect the safety of NDIS participants, reduce regulatory burden on NDIS providers, and improve cyber security.

Securing Australia’s place in the world

This includes ensuring the security of our critical diplomatic network over the long term and improving resilience to cyber threats, by investing more than $388.2 million over the forward estimates to upgrade Australia’s communications infrastructure and overseas property, including in the Pacific.

Services Australia

$1.8 billion over three years from 2023–24 for additional frontline staff to help stabilise Services Australia claims backlogs and service standards, to continue emergency response capability and improve the cyber security environment.

Cyber Security of Regulators and Improving Registers

$206.4 million over four years from 2024–25 (and $7.2 million per year ongoing) to improve the data capability and cyber security of the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) and to continue the stabilisation of business registers and modernisation of legacy systems. The cost of this measure will be partially met from cost recovery through ASIC and APRA industry levies.


Cyber Security of Regulators and Improving Registers

Payments ($m)

 

 

 

 

 

 

2023–24

2024–25

2025–26

2026–27

2027–28

Australian Securities and Investments Commission

81.8

16.2

16.5

10.4

Australian Prudential Regulation Authority

29.4

21.8

11.6

10.4

Australian Taxation Office

4.2

Department of Industry, Science and Resources

1.5

Department of the Treasury

1.0

0.5

Department of Finance

0.4

0.2

0.2

0.2

Total — Payments

118.2

38.7

28.3

21.1

Related receipts ($m)
Australian Prudential Regulation Authority

29.4

21.8

11.6

10.4

Australian Securities and Investments Commission

9.3

12.2

13.6

Total — Receipts

29.4

31.2

23.8

24.0

 

Ongoing commitments from 2023–24 Budget

National Cyber Security Coordinator

$46.5 million was allocated in last year’s budget over four years (3 years remaining) ($11.8 million per year ongoing) funding a new cyber coordination role announced by Government in February this year. The individual who takes up this post will play a central role in responding to cyber-attacks in Australia and coordinating the Government’s efforts to strengthen national cyber resiliency.

Security of critical infrastructure assets

$19.5 million was allocated in last year’s budget over five years (4 years remaining) to “continue work to improve the security of critical infrastructure assets and assist owners and operators to respond to significant cyber-attacks”. It is unclear if this will be allocated to the Cyber and Infrastructure Security Centre within the Department of Home Affairs (the Centre drives Australia’s critical infrastructure regime in partnership with the Government, industry and broader community).

Standalone Privacy Commissioner and investment in the Office of the Australian Information Commissioner (OAIC)

$8.4 million per year ongoing to support the announced role of a standalone Privacy Commissioner to focus on data security threats and the growing number of privacy risks in the digital age. Until now, the combined ‘Information Commissioner and Privacy Commissioner’ role has been responsible for privacy, freedom of information and Government’s information management. Funding also supports continuation of OAIC investigation and enforcement action and enhancing its data analytics capability.

Reform of the Privacy Act 1988 (Cth)

$0.9 million was allocated in last year’s budget over two years (1 year remaining) for the Attorney General’s Department to progress its review of the Privacy Act. This will also enable the Department to support a separate independent review of the Act’s Privacy (Credit Reporting) Code 2014 (as required by the Act every four years) to ensure the Code remains fit for purpose in the evolving credit reporting landscape.

Scams and online fraud counter measures

$86.5 million  was allocated in last year’s budget over four years (3 years remaining) to address scams and online fraud. This includes $58 million to establish a National Anti-Scam Centre within the Australian Competition and Consumer Commission (ACCC), $17.6 million for the Australian Securities and Investments Commission (ASIC) to take down investment scam and phishing websites, and $10.9 million to establish a SMS Sender ID Registry tackling scams imitating businesses and the Government in text message headers.

Commonwealth entity cyber resilience

$12.2 million was allocated in last year’s budget over five years (four years remaining) to continue providing Commonwealth entities with cyber monitoring, detection, and response services, and enable continued assessment/certification of third parties used to host Commonwealth entity data.

Small business cyber resiliency program

$23.4 million was allocated in last year’s budget over three years (2 years remaining) to launch a ‘Cyber Wardens’ program aimed at building in-house cyber capability and training 50,000+ individuals (a clearly important area given the important role small and medium businesses play in the economy and that some statistics suggest these businesses are targeted in 60%of all cybercrime).

Office of the eSafety Commissioner

In last year’s budget an additional $134.1 million was allocated over four years ($33.7 million per year ongoing) to fund the Office’s continued education, outreach and investigatory activities.


In the wake of a newly announced budget, where allocations have been made across various sectors, the importance of regulation, investment and sovereignty in bolstering data protection and security becomes even more apparent. Regulation serves as a crucial foundation for enforcing cyber security and data standards, ensuring adherence to legal requirements and holding entities accountable for breaches.

Concurrently, strategic investment in Australian cyber security infrastructure, technologies and skilled personnel is paramount for enhancing resilience against evolving global threats. Sovereignty plays a pivotal role in safeguarding national interests, enabling governments to establish and enforce cyber security policies, control critical infrastructure and protect sensitive data from external threats. By allocating resources across these key areas, the budget lays the groundwork for building a secure and resilient digital environment, safeguarding both economic prosperity and national security for Australia.

Source: Australian Government, Treasury, 2024–25 Budget, May 2024