Cybersecurity attacks have become a growing focus for many businesses and governments. A challenge in responding is to determine the level and allocation of cyber-security budgets.

This 2023 paper reflects on a proposed system for benchmarking and evaluating cybersecurity strategies, assessing both the strategy's design and its implementation. In doing so, it critiques existing approaches as Australia emerges from what the government has described as a period of “cyber slumber.”

Australia's existing public and private capacity, despite the increased emphasis on the cyber domain, is likely insufficient to counter the full range of threats it faces in cyberspace.

Since 2022, Australia has significantly expanded its cyber and intelligence capabilities through major new investments. The scale of this expansion has prompted discussion of its geopolitical drivers and the implications for public and parliamentary oversight.

Australia’s 2025 cyber response plan introduces a “nationally catastrophic” incident category, but preparedness for such a crisis remains unclear. This paper argues that cyber civil preparedness and resilience must become central to national security policy.