Australia drops down cyber security rankings

Australia has slipped down a list of the top 20 nations ranked by cyber maturity in 2015, falling two spots to fifth place despite a slightly higher score than last year.

The Australian Strategic Policy Institute (ASPI) yesterday released its second annual report into the cyber maturity of 20 nations in the Asia Pacific, including the US and UK. The report analyses a whole-of-nation approach to cyber policy, crime, and security issues to give each country a maturity score.

Last year Australia came in just behind the US and UK in third place with a cyber security maturity ranking of 75.8 [pdf].

The ASPI ranks nations based on their approach to cyber legislation and regulation, international and public-private sector engagement, financial cybercrime, military application of security, digital economy, internet penetration, public awareness and computer emergency response teams (CERTs).

But despite earning a higher score of 79.9 this year, Australia fell to fifth spot behind the US, Japan, South Korea and Singapore [pdf].

The UK was omitted from the 2015 analysis.

Are you an IT leader? Time's running out to get the credit you deserve. Enter the Benchmark Awards today - entries close on Friday.

The ASPI team found that while Australia continued to improve the political, business and social elements of its cyber maturity, there was still a limited coherent national cyber policy to guide cyber developments.

The researchers said the situation would improve should the government successfully deliver and implement its long-promised and imminent updated national cyber strategy.

"While the government is engaging with the private sector during the review process, it’s yet to be seen what the review will deliver and what changes will be implemented as a result," the paper stated.

"Australia’s score could improve with the release of a new cyber strategy and a more streamlined cyber policy structure to complement the country’s operational cyber improvements."

The authors also criticised the lack of a publicly available strategy or policy document guiding the Defence Force's approach to cyber threats.

They said the Department of Defence similarly struggled to engage with parties beyond traditional intelligence partners on cybersecurity issues, and advised the country's ranking could improve with better clarification of the ADF’s roles and responsibilities.

Dialogue on cyber security issues between government and business could also be improved, ASPI said.

At the moment, sustained two-way interaction only exists between government and key sectors like banking, telecommunications and operators of critical national infrastructure

"This effort could be both deepened and widened to incorporate more sectors," the report authors said.

ASPI applauded the government's efforts in terms of international engagement on cyber security, local public awareness of cyber issues, the existence of a dedicated cybercrime unit within the AFP, the country's legislative framework, and use of a CERT. 

The government's updated national cyber security strategy is expected imminently, and is likely to focus on education, guidelines and international partnerships.

The review of the national cyber security guidelines was initiated by the Abbott government late last year.

It was undertaken by a panel that included Australian Strategic Policy Institute international cyber policy director Tobias Feakin.