In short, cyber-security is growing; and Australia is growing. To provide a bit more data and analysis to back this up, I'll present a couple of current and topical reference points.
For 'exhibit A' I would point to the Ultra Electronics preliminary results presentation released at the start of March 2013. For those who don't know of Ultra Electronics, they are a UK-listed defence, security, transport and energy company with operations around the world. According to their website, they have "twenty-five businesses, which deliver over one hundred distinct market niches", which makes it interesting to look at the parts of their business that they see are growing, and which geographies they see growth in also.
In their preliminary results presentation, Ultra includes a list of "regions where we see growth", as follows:
- Middle East
Australia is obviously well positioned in that group of countries due to its political stability, strong legal framework, similar business environment, and strong positive relationship between the government and the governments of the countries-of-origin of the majority of the serial acquirers in the cyber-security space (US, UK, Japan, and others).
This is solidly confirmed by the 'Ease of Doing Business' rankings put together by the International Finance Corporation / World Bank. Australia comes 10th (out of 185 ranked countries). By comparison, the other countries in that list come 130th (Brazil), 91st (China), 132nd (India), 128th (Indonesia), 71st (Turkey), and 22nd (Saudi Arabia, the highest ranked Middle East country). Libya is unranked.
Ultra also includes details in their preliminary results presentation of positive service-line revenue drivers, as follows:
- Anti-Submarine Warfare
- Cybersecurity generally and ECU speciﬁcally
- Airport IT
- Power management and
- Nuclear energy
So two out of the five are IT related; and cyber-security is acknowledged as being a positive revenue driver in its own right.
Putting the two things together, the cyber-security market in Australia is a growing business area, in arguably the 'easiest' of the identified growth economies to do business in. This alignment is rare and valuable.
For 'exhibit B', I refer to the article with a lead-in on the front-page of the Australian Financial Review today, 27th March 2013, titled 'Telstra’s cyber security strategy for growth'. The article references Telstra COO Brendan Riley as saying that "...Telstra had begun bolstering its local team of cyber security experts as a major selling point for its $1.3 billion cloud computing and network services business."
This is relevant from two different perspectives.
Firstly it provides a clear indication of the need to have a visible cyber-security strategy for any large ICT service provider. From a market positioning perspective, large ICT providers cannot be seen to be ignoring the importance of cyber-security as a future driver of growth.
Secondly, it provides an indicator of the need for cyber-security operations within companies such as Telstra, not for the purpose of provide stand-alone cyber-security services, but rather as part of a broader 'secure IT' push. It is not enough for a company such as Telstra to have a cyber-security division providing these services; the market is now expecting every service provided by Telstra to have a rigorous level of security applied as part of business-as-usual. Such an approach significantly changes the scale of the resourcing challenge these organisations will have.
When discussing resourcing and recruitment challenges, the must-read report continues to be 'A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters' (http://csis.org/files/publication/101111_Evans_HumanCapital_Web.pdf), released by the CSIS Commission on Cybersecurity for the 44th Presidency (USA), in November 2010, which discusses in depth the shortage of both quality and quantity in the cyber-security personnel marketplace.
As the CSIS Commission Report so eloquently puts it:
"cybersecurity is similar to 19th century medicine - a growing field dealing with real threats with lots of self-taught practitioners, only some of whom know what they are doing."
In such an environment the value of proven cyber-security teams - who know what they are doing - is clear. And the market peak for cyber-security is a long way off, as 'IT Security' is replaced by 'Secure IT', significantly magnifying both the market size and the market need.