Australian federal budget 2026: The industry perspective - Cyber Daily

Australian federal budget 2026: The industry perspective From spending and investment in artificial intelligence and data sovereignty to the challenge of protecting the nation from cyber security threats, industry experts and observers have a raft of opinions on this year’s federal budget. David Hollingworth • Wed, 13 May 2026 • SECURITY SHARE David Hayes ANZ regional director, Arctic Wolf The federal budget has introduced some practical measures for SMEs, including making the $20,000 instant asset write-off permanent. At the same time, the budget also reinforced that AI is now firmly part of Australia’s broader economic and productivity agenda through new AI Accelerator grants and a stronger push to embed AI across government and industry. But while the conversation around AI adoption is accelerating, SMEs still appear to have been largely left out of the broader discussion around how Australian businesses will safely and sustainably adopt these technologies. There’s a real push right now for businesses to adopt AI and new technologies faster, and for smaller businesses, that’s both exciting and slightly confronting. Many SMEs see AI as a chance to finally operate more efficiently, compete more effectively, and take pressure off lean teams that are already stretched. The problem is that cyber criminals are moving just as quickly. The same AI tools helping businesses improve productivity are also helping attackers create more convincing phishing emails, more personalised scams, and more sophisticated social engineering attacks. And unlike large enterprises, most SMEs don’t have in-house cyber teams or the luxury of large security budgets. In reality, many business owners are trying to navigate AI adoption, cyber security, and day-to-day operations all at once. That’s why cyber security needs to become part of the national conversation around economic resilience and productivity, not just something businesses think about after adopting the technology. AI absolutely represents a huge opportunity for SMEs, and many smaller businesses are actually better placed to move quickly and innovate than larger organisations. But if Australia wants SMEs to help power the next phase of growth, they also need the confidence that they can embrace these technologies safely. VIEW ALL Beau Tydd President, ACS AI continues to reshape roles, capability needs, and career pathways across the technology workforce. Building AI capability has enormous potential to lift productivity, strengthen the economy, and improve how government and industry deliver services. It is also essential to manage the risks that come with AI adoption, from governance and accountability to workforce readiness and public trust. ACS supports lifelong learning across the technology workforce and is ready to support this agenda through our skills assessment expertise, professional standards, certification pathways, and workforce insights. Australia will need 1.3 million tech workers by 2030, requiring around 60,000 additional technology workers each year to meet national demand. Greater transparency and accountability will help build confidence in skills recognition and support clearer pathways into areas of technology workforce demand. Jason Duerden Area vice president, Australia and New Zealand, SentinelOne The budget takes positive steps on secure digital government, including funding for Services Australia security and ongoing investment in Digital ID. But given the scale of AI cyber threats now facing Australia, the broader question is whether we are moving quickly enough. Cyber attacks are already placing sustained pressure on government, businesses, and critical infrastructure. For smaller businesses, even a single day of disruption can mean lost revenue, lost productivity, and serious operational strain. AI will raise the stakes further, making threats faster, more targeted, and harder to detect. The $70 million AI Accelerator is a smart start, but the real test will be execution. AI in government and industry only delivers if organisations are equipped to enable it, and the legislative framework has guidelines to enforce safe innovation and governance. Defence spending is essential, but modern national security is also being tested through the digital systems that support government services, defence supply chains, critical infrastructure, and the small businesses that keep the economy moving. Nation-state actors are targeting consistent vulnerabilities in the core software operating system supply chain – agencies that show complacency by putting all their eggs in one basket are not an effective defensive strategy. Australia has made good progress on cyber policy and strategy, but the next phase needs to focus on operational readiness. Agencies and critical sectors need the visibility, automation, and response capability to detect threats earlier, contain attacks faster, and recover before disruption reaches essential services. Funding individual programs is important, but the real test is whether Australia’s digital infrastructure is ready for the speed and scale of the threats now emerging. David Irecki CTO for APJ, Boomi The federal budget’s emphasis on inflation, cost-of-living relief, and productivity comes as no surprise, and the government’s turn to AI in pursuit of these gains is welcome, particularly where the focus extends to AI solutions built in Australia. This is where digital sovereignty stops being a talking point. The value of these commitments depends on where the data lives, where the models are trained, and who ultimately controls the infrastructure underneath. While no dollar figure has been assigned to an all-encompassing nationwide AI initiative, there is meaningful action underway to improve the government’s digital capabilities. Sustained backing from both government and industry in AI, digital skills, and emerging technologies will be essential to build on this momentum. This budget will be a significant test of the government’s resolve. These initiatives lay the foundations for further investment, but it is on the government to take the next steps: investing in AI talent, workforce upskilling, and cross-sector collaboration to sustain AI-friendly legislation. Throughout this period, AI guardrails and governance must remain front of mind to ensure adoption keeps pace with the safeguards needed to protect citizens, maintain trust, and uphold the integrity of government decision making. This means building connectivity and control into AI-powered operations, giving agencies end-to-end visibility over their data and policy enforcement required to scale responsibly. Jeremy Pell Country manager, ANZ, at Elastic The government is right to use AI to cut through the approvals backlog, whether that’s environmental assessments or medicine approvals, but technology is not a magic wand. AI is only as good as the data it can find. If these tools aren’t grounded in a solid data foundation, they will simply hallucinate wrong answers, leading to legal disasters and even more red tape. To succeed, these tools must be grounded in a robust, searchable data foundation, or they will create more bottlenecks than they solve. An AI Safety Institute is a great start, but policy alone won’t stop a data breach. As APRA has consistently warned the financial sector, the real danger is that we are flying blind. Most organisations have their data locked in silos, meaning they can’t actually see how AI is using or leaking their information. The $206 million for APRA and ASIC’s data and cyber security capability is welcome, but investment in the regulator doesn’t automatically lift the floor across every organisation they oversee. You cannot secure what you cannot see. Cyber security didn’t get mentioned in the Treasurer’s speech, and that is a concern. We are in a permanent AI arms race, foreign hackers are now using AI to attack us at a speed no human analyst can stop, and the era of manual defence is over. The $89 million to sustain the Australian Cyber Security Strategy shows the government hasn’t abandoned the issue, but sustaining existing initiatives is not the same as matching the threat. In 2026, the only way to win is with a defence that moves as fast as the attack, and we would like to see that ambition reflected more boldly in future budgets. Between GovAI, Digital ID, the PsiQuantum quantum computing investment, and the billions already flowing through active government digital projects, this budget represents a once-in-a-generation chance to modernise Australia, but we must not spend it building new digital dead-ends. We need systems that talk to each other, not more disconnected silos. Every dollar spent must ensure that Australian data remains searchable, secure, and firmly under Australian control. Alex Coates Chief executive, Interactive The $74 million being invested to establish a national centre to fight terrorism and online threats sounds significant, but I cannot think of why the need couldn’t be fulfilled by stronger collaboration between government and industry. It is true, we are facing complex times, and the threat of breaches, hacks, and losses relating to cyber security is more significant than ever before. But the government cannot do everything – as evidenced by the budget allocations – and combining powers, even on a consulting level, with the technology industry would be a more efficient outcome. The desire to help is here. The resources to make a difference are here. The sovereign skills we need already exist in organisations operating and protecting critical systems at scale. Tackling terrorism and online threats effectively means pooling that real‑world capability across government and industry to move faster and deliver outcomes, not just frameworks. If Australia wants unstoppable businesses and trusted public services, technology investment cannot be treated as separate from how our economy and services operate. Technology is no longer a support function – it underpins how Australians live, work, and access essential services. Cyber resilience, sovereign infrastructure, and modern digital services are now nation‑building priorities. Noah Drake Chief executive, Xenith IG This year, the federal budget confirmed what private capital has already decided: AI is now a critical economic lever for Australia. In the past few months, companies such as AWS, Microsoft, and OpenAI have committed more than $50 billion to local data centre capacity, and the country is behind only the United States for global data centre investment. While the conversation has fixated on the funding and the facilities, a hidden story is about the critical infrastructure that connects them. Every AI workload, from model training to inference, depends on dense, low-latency dark fibre between data centres. Without it, even large computing capacity cannot perform. The good news for Australia is that this layer is already in place. Pure-play dark fibre infrastructure in the country’s major data centre hubs is operational today, with the scale and diversity required to carry what this budget and the wider private investment wave will demand. Nicole Quinn Vice president, policy and government affairs, Asia-Pacific and Japan, Palo Alto Networks Any investment in strengthening Australia’s cyber security resilience and advancing secure AI adoption is a positive step. As AI becomes more deeply embedded across government and industry, ensuring security is built in from the outset – secure by design – will be critical to protecting organisations, critical infrastructure, and the broader economy. Matthew Lowe Regional director – Pacific, Anomali The cyber security threat landscape is evolving faster than traditional security operations were designed to handle. AI is enabling attackers to move at machine speed, automating reconnaissance, targeting identities, and compressing response windows from days to hours. As a result, we welcome the government’s ongoing investment in Australia’s cyber security posture, which will support government agencies to further reinforce digital service delivery, reduce fraud, and accelerate modernisation of public sector workforce environments. As governments and enterprises continue digital transformation initiatives, cyber resilience increasingly depends on operational intelligence: the ability to rapidly prioritise threats, make decisions faster, and respond with context. The challenge today is helping security teams determine what matters most and what action to take next. This budget will help agencies to further improve productivity and simplify security. Tim Wedande Field CTO for Asia-Pacific and Japan, Saviynt The 2026–27 budget has officially been handed down, and for us in the cyber security industry, the takeaway is that cyber has shifted from an “emergency uplift” to essential service delivery. Despite the word “cyber” being absent from the Treasurer’s speech, we see $2.1 billion assigned for Services Australia’s technical resilience and $89.3 million for Horizon 2 of the 2030 National Cyber Security Strategy. This reflects on our government seeing cyber core to the resilience of our infrastructure rather than a headline-grabbing initiative. As we move towards this broader adoption, maintenance, and execution phase, some other countries are taking a different approach. The US has pivoted towards AI proactive defence, with spend increasing on more offensive cyber capabilities via USCYBERCOM. The UK’s latest spending review links cyber security to economic productivity. Finally, our neighbour in Singapore’s recent Cybersecurity Amendment Bill, funding focuses heavily on protecting operational technology such as physical utilities and supply chains. With 2026 Horizon 2 now also having started (the second phase of Australia’s government-authored cyber security strategy), an expected level of maturity is expected to be rolled out for the whole of economy. Being fiscally responsible and doing more with the basics, such as identity and access management, is vital for essential Australian service delivery. It underpins core security controls across human, non-humans (including agentic AI) within the workforce and across global supply chains. It also supports building the cyber resilience foundation that progresses us towards some of our more cyber-mature allies, such as the US, along with our 2029 Horizon 3 ambition to be seen as a world leader in the development and adaptive cyber risk management of advanced AI. James Eagleton Managing director, ANZ, Cohesity Resilience is often discussed as a problem for individual organisations, but it is a strategic national imperative. When critical services fail – including in energy, finance, healthcare, communications – economic disruption can be widespread. Organisations don’t recover in isolation; they recover only when their suppliers, partners, and dependencies can also restore normal operations. Our cyber resilience data reveals a critical gap: 56 per cent of businesses report confidence in their cyber resilience strategy, yet 53 per cent still say they need to test and create more realistic recovery plans. This gap between perceived readiness and actual capability is costly, and we see this in the 61 per cent of Australian businesses that received fines or penalties following cyber attacks. This is the highest rate globally, and it shows that many organisations may be confident but still lack rigorous recovery testing. True national resilience requires moving beyond individual incident response towards coordinated, tested continuity planning across sectors. That means regular recovery testing, validated procedures, and clear coordination protocols so that when disruption hits, critical services can stabilise and recover in a coordinated way. The budget funding directed towards digital government infrastructure, cyber security, and online safety all demonstrate commitment to national security, and it’s important now that we look at coordinated recovery testing and validation to ensure true national resilience. Want to see more stories from trusted news sources? Make Cyber Daily a preferred news source on Google. David Hollingworth David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego. Tags: News Analysis Feature Opinion