Jason Murrell, Chair and Co-Founder of the Australian Cyber Network, tackles Australia’s cyber workforce crisis, AI threats, and the urgent need for sovereign capability to strengthen national cyber resilience.

As cyber security threats escalate and resources remain constrained, how can Australia build a more resilient and capable cyber security ecosystem?

Jason shares candid insights ahead of Security Edge, where he will join 150 CISOs and CSOs from Australia’s leading enterprise and government organisations to address the nation’s cyber strategy, workforce shortages, and the urgent need for collaboration and transparency.

Closing the cyber security resource gap

Across Australia’s enterprise and government sectors, cyber security leaders are struggling to maintain resilience with limited resources.

Jason highlighted that while budgets were more flexible in the wake of high-profile attacks, the current economic climate has tightened financial support for cyber initiatives.

He explained that CISOs are increasingly being asked to do more with less.

A few years ago, after major breaches, funding was more readily available, but today, many security leaders are auditing their tech stacks to eliminate redundancies just to make ends meet.

He emphasised that the solution requires a shift in mindset—optimising existing security investments while ensuring that critical capabilities are not overlooked.

However, this is only a short-term fix. The bigger challenge remains: how can Australia systematically close its cyber security gaps by 2030?

 

Reassessing Australia’s cyber strategy

The Australian Cyber Network’s upcoming Cyber Strategy Research 2025 report, set for release in April, takes a hard look at whether public reporting reflects the reality of the nation’s cyber security posture.

Jason pointed out that widely accepted statistics can sometimes be misleading.

The report benchmarks the government’s 2030 strategy, but rhetoric alone is not enough—actual progress has been slow, and key areas remain underfunded.

The report will serve as an annual report card on Australia’s cyber maturity, highlighting wins, misses, and areas requiring urgent intervention.

At Security Edge, Jason will preview critical findings, covering workforce shortages, governance, risk and compliance (GRC) accessibility, and whether AI-driven defences are keeping pace with emerging threats.

 

The workforce crisis: beyond pen-testing

Australia is projected to be 86,000 cyber security professionals short by 2030.

While pen-testing remains a focus, Jason stressed that a broader approach is needed.

He argued that cyber security education needs to start earlier, integrating it at the primary and high school levels. Just as children are taught road safety from a young age, cyber awareness must be instilled early.

Beyond education, Jason emphasised the need for more pathways into cyber careers.

He noted that cyber security is not just about hacking, but also includes governance, risk, and compliance roles, which could attract talent from legal and accounting backgrounds.

Broadening recruitment strategies and making the field more accessible is essential.

Diversity is another challenge he highlighted, explaining that technical roles are still heavily skewed, with only about one in five professionals being women.

Beyond gender diversity, he called for greater inclusion of neurodiverse talent pools and better support structures to reduce burnout.

 

AI threats vs. AI defences: are we keeping up?

With only 30% of CISOs confident in their ability to defend against AI-driven cyber threats, Jason warned that adversaries are outpacing defenders.

He observed that cyber criminals collaborate more effectively than defenders.

Attackers share intelligence, sell attack kits, and scale their efforts using AI, while defensive teams often face barriers to collaboration due to market competition.

Jason pointed to the need for stronger intelligence-sharing and cooperation among security leaders.

He compared cyber security to disaster response, noting that in times of crisis, people rush to help rather than exploit vulnerabilities, urging industry and government leaders to adopt a similar approach in cyber security.

He also stressed the importance of AI governance within businesses.

Companies have rushed into AI adoption without fully controlling what data employees feed into these models.

The risk is not just external threats—it is also what organisations unknowingly expose.

 

The sovereign capability imperative

Jason warned that Australia is losing its cyber security innovations to offshore commercialisation despite having world-class talent.

He contrasted this with Israel, where 30% of billion-dollar cyber security firms originate.

To counter this, ACN is launching a $100M–$200M fund for cyber, AI, and quantum solutions, using an incubator model to fund startups solving critical security challenges.

The goal is to retain local talent and build sovereign capability.

He emphasised that cyber security cannot be delayed and called for collective action from government, industry, and security leaders to shift from reacting to threats to proactively securing Australia’s future.

 

Key takeaways

  • Cyber security budgets are tightening, forcing CISOs to optimise existing resources and identify redundancies.
  • Australia faces a cyber workforce shortage, projected to reach 86,000 unfilled positions by 2030, necessitating early education and alternative career pathways.
  • Public reporting may not fully reflect Australia’s cyber resilience, with ACN’s upcoming report set to highlight key gaps and areas needing urgent attention.
  • AI-driven threats are advancing faster than defences, requiring stronger intelligence-sharing and collaboration between industry and government.
  • Australia must develop sovereign cyber capabilities, with funding initiatives aiming to retain local innovation and prevent talent drain to offshore markets.

 

In a previous Security Edge panel, Jason discussed strategies for making Australia the world’s most cyber-secure country by 2030.

Contributors
Jason Murrell, Renowned Cyber Security Advocate and Consultant

With over 20 years of experience in start-ups and the broader technology industry, I am a renowned advocate for cyber security in Australia. My journey has been marked by fostering collaboration and propelling the growth of Australia’s cyber security industry.

Key Achievements:

  • Developed strategic initiatives and partnerships that fuel innovation in collaboration with start-ups, industry leaders, government agencies and academia.
  • Recognised thought leader, sharing insights on entrepreneurship, cyber security and public-private sector collaboration.
  • Featured in reputable media outlets, amplifying the significance of cyber security in today’s digital landscape.

I am committed to driving innovation and resilience in the field, leveraging my expertise to align strategies with industry needs and address evolving cyber threats. My role at AustCyber involved close collaboration with various stakeholders to develop strategic initiatives and forge partnerships that fuel innovation.

Justina Uy, Content Strategist

Justina Uy is a data-driven content producer that thrives on democratising elite know-how to empower Australia’s underdogs.

Skilled at translating complex ideas into a compelling story across formats and channels, she shifts seamlessly between writing long-form articles, creating viral social media posts, and producing thumb-stopping videos.

Since 2015, Justina has executed her vision through a sophisticated understanding of the rapidly evolving digital and business landscape to serve entertaining and educational insights to the executive community.
