IT Brief Australia - Technology news for CIOs & IT decision-makers
Australian budget boosts AI, but cyber gaps remain

Wed, 13th May 2026
Mark Tarre, News Chief

The Australian Government's latest Federal Budget has drawn a mixed response from technology and cybersecurity leaders. Executives broadly welcomed investment in AI, data and digital infrastructure, but warned that gaps in cyber resilience and SME protection remain.

Angela Colantuono, President and Managing Director for SAP Australia and New Zealand, said:

"The Budget measures supporting digital innovation and AI are a positive step forward, but it will take sustained investment and genuine partnership between government and industry to deliver impact at scale for a more resilient Australia. As COVID showed, countries with modern, connected systems were better able to respond under pressure, keep businesses moving and support communities through disruption.

"At a time of rising costs and stagnant productivity, investment in core business systems and AI is not discretionary technology spending, it is essential economic infrastructure. Australia has a real opportunity to lift productivity, ease pressure on households and strengthen competitiveness, but we must act now to keep pace with an increasingly AI-driven global economy."

Cybersecurity and AI company Arctic Wolf said the Budget's focus on productivity and AI adoption confirms the technology's central role in the economy. The Government has made the AUD $20,000 instant asset write-off permanent, announced new AI accelerator grants, and expanded digital programmes across agencies and regulators.

David Hayes, ANZ Regional Director at Arctic Wolf, described the measures for smaller firms as practical but incomplete.

"The Federal Budget has introduced some practical measures for SMEs, including making the $20,000 instant asset write-off permanent. At the same time, the Budget reinforced that AI is now firmly part of Australia's broader economic and productivity agenda through new AI Accelerator grants and a stronger push to embed AI across government and industry."

He said most SMEs still operate without dedicated security teams and face the same AI-driven cyber threats as large enterprises.

"But while the conversation around AI adoption is accelerating, SMEs still appear to have been largely left out of the broader discussion around how Australian businesses will safely and sustainably adopt these technologies," Hayes said.

Small businesses, he said, see AI as a way to work more efficiently and compete with larger rivals, even as cybercriminals use the same tools to create more convincing scams.

"There's a real push right now for businesses to adopt AI and new technologies faster, and for smaller businesses that's both exciting and slightly confronting. Many SMEs see AI as a chance to finally operate more efficiently, compete more effectively and take pressure off lean teams that are already stretched.

"The problem is cybercriminals are moving just as quickly. The same AI tools helping businesses improve productivity are also helping attackers create more convincing phishing emails, more personalised scams and more sophisticated social engineering attacks," Hayes said.

Search AI specialist Elastic focused on how government agencies will use AI in complex data environments and on the limits of the new AI Safety Institute.

Jeremy Pell, Country Manager ANZ at Elastic, said AI can help cut approvals backlogs, but only if it is built on a strong data foundation.

"The government is right to use AI to cut through the approvals backlog, whether that's environmental assessments or medicine approvals, but technology is not a magic wand. AI is only as good as the data it can find. If these tools aren't grounded in a solid data foundation, they will simply hallucinate wrong answers, leading to legal disasters and even more red tape. To succeed, these tools must be grounded in a robust, searchable data foundation or they will create more bottlenecks than they solve."

He said stronger regulatory investment does not automatically improve security outcomes across the economy.

"An AI Safety Institute is a great start, but policy alone won't stop a data breach. As APRA has consistently warned the financial sector, the real danger is that we are flying blind. Most organisations have their data locked in silos, meaning they can't actually see how AI is using or leaking their information. The $206 million for APRA and ASIC's data and cybersecurity capability is welcome, but investment in the regulator doesn't automatically lift the floor across every organisation they oversee. You cannot secure what you cannot see."

Pell also said the absence of cyber security from the Treasurer's speech sends the wrong signal given the pace of AI-enabled attacks.

"Cyber security didn't get a mention in the Treasurer's speech, and that is a concern. We are in a permanent AI arms race, foreign hackers are now using AI to attack us at a speed no human analyst can stop, and the era of manual defence is over. The $89 million to sustain the Australian Cyber Security Strategy shows the government hasn't abandoned the issue, but sustaining existing initiatives is not the same as matching the threat. In 2026, the only way to win is with a defence that moves as fast as the attack, and we would like to see that ambition reflected more boldly in future budgets."

He added that investments such as GovAI, Digital ID and PsiQuantum present a rare chance to modernise Australia, but warned against building disconnected systems.

"Between GovAI, Digital ID, the PsiQuantum quantum computing investment, and the billions already flowing through active government digital projects, this budget represents a once-in-a-generation chance to modernise Australia, but we must not spend it building new digital dead-ends. We need systems that talk to each other, not more disconnected silos. Every dollar spent must ensure that Australian data remains searchable, secure, and firmly under Australian control."

Data security company Cohesity highlighted the link between productivity and recovery from cyber incidents, pointing to research showing widespread business impact from attacks on Australian enterprises.

"The 2026 Budget arrives at a critical moment for Australia's economic competitiveness and national security. The productivity measures to develop digital government infrastructure, cyber security and online safety are pivotal to Australia's next phase of innovation, but there are still important considerations to make," said James Eagleton, Managing Director ANZ at Cohesity.

He said traditional debates often ignore the cost of slow recovery when systems fail.

"Productivity debates tend to focus on investment, skills, and technology adoption. Yet an increasingly important constraint is often overlooked: how quickly organisations can recover when disruption occurs. Whether from system outages, cyber incidents, or operational failures, prolonged recovery times can quietly erode the economy. In effect, speed of recovery has become a hidden productivity function that can influence business outcomes exponentially when systems fail."

Australian enterprises, he said, face higher incident rates and steeper revenue impacts than global peers.

"Cohesity's latest research underscores this urgently. 85% of Australian enterprise businesses suffered a materially impactful cyberattack last year, significantly above the global average of 54%. Of those, 91% reported revenue losses, with nearly a third losing up to 10% of annual revenue."

Eagleton said many organisations run fragmented backup systems and siloed repositories that slow recovery and increase AI risk.

"AI and digital innovation are essential to lifting productivity, but they depend on resilient and well-governed data environments. Many Australian organisations are managing fragmented backup systems, siloed data repositories, and complex recovery processes that slow decision-making and operations. Before we introduce AI at scale, organisations need to get their foundational data infrastructure right. When they do, AI can deliver what it promises: automating manual processes, uncovering real insights, and helping businesses move faster. The total $654.3 million commitment over four years to maintain the security of the Australian Government's Digital ID System, along with other funding commitments including the use of AI to accelerate environmental approvals and the introduction of measures targeting scam prevention and news media sustainability, are important. However, productivity improvement also requires treating cyber resilience and recovery speed as foundational, not an afterthought."

He also argued that overlapping systems across agencies undermine public sector efficiency.

"Discussions about public sector efficiency often assume the challenge is primarily about reducing duplication or increasing digital capability. In reality, much of the efficiency problem stems from something more practical: the steady accumulation of overlapping systems over time. As new platforms are introduced to solve specific problems, older systems are rarely fully retired, creating layers of complexity that become increasingly difficult to manage."

"This data fragmentation can be costly. When departments can't access clean, trustworthy data across silos, they spend time sorting data and often risk deploying AI on fragmented, unprotected data, which can be risky."

"Before the government can leverage AI for genuine efficiency, it needs to treat data consolidation and recovery as a foundation. That means consolidating data so it's protected, auditable, and recoverable. It also means being able to rapidly restore trust in data when incidents or attacks occur. The commitment to develop digital government infrastructure and streamline funding into AI technology reflects a commitment to reform, but true efficiency and meaningful insights will depend on the government building resilient and unified data environments."

Eagleton said resilience should be treated as a national imperative, not just an organisational issue.

"Resilience is often discussed as a problem for individual organisations, but it is a strategic national imperative. When critical services fail, including in energy, finance, healthcare and communications, economic disruption can be widespread. Organisations don't recover in isolation; they recover only when their suppliers, partners and dependencies can also restore normal operations."

He said many businesses remain overconfident about their readiness.

"Our cyber resilience data reveals a critical gap: 56% of businesses report confidence in their cyber resilience strategy, yet 53% still say they need to test and create more realistic recovery plans. This gap between perceived readiness and actual capability is costly, and we see this in the 61% of Australian businesses that received fines or penalties following cyberattacks. This is the highest rate globally, and it shows that many organisations may be confident but still lack rigorous recovery testing."

"True national resilience requires moving beyond individual incident response toward coordinated, tested continuity planning across sectors. That means regular recovery testing, validated procedures, and clear coordination protocols so that when disruption hits, critical services can stabilise and recover in a coordinated way. The budget funding directed toward digital government infrastructure, cyber security and online safety demonstrates commitment to national security. The next step is coordinated recovery testing and validation to ensure true national resilience."

Infrastructure provider Xenith IG pointed to dark fibre as an overlooked part of the AI build-out.

"This year, the Federal Budget confirmed what private capital has already decided: AI is now a critical economic lever for Australia. In the past few months, companies such as AWS, Microsoft and OpenAI have committed more than $50 billion to local data centre capacity, and the country is behind only the United States for global data centre investment," said Noah Drake, Chief Executive Officer at Xenith IG.

He said the focus on funding and facilities has overshadowed the critical infrastructure connecting them.

"Every AI workload, from model training to inference, depends on dense, low-latency dark fibre between data centres. Without it, even large computing capacity cannot perform."

Drake said Australia already has that layer in place.

"Pure-play dark fibre infrastructure in the country's major data centre hubs is operational today, with the scale and diversity required to carry what this Budget and the wider private investment wave will demand."

Identity-focused security company Saviynt said the Budget signals a shift from one-off cyber injections to embedded resilience funding, with large allocations for Services Australia and Horizon 2 of the National Cyber Security Strategy.

"The 2026-27 Budget has officially been handed down, and for us in the cyber security industry the takeaway is that cyber has shifted from an 'emergency uplift' to essential service delivery. Despite the word 'cyber' being absent from the Treasurer's speech, we see $2.1 billion assigned for Services Australia's technical resilience and $89.3 million for Horizon 2 of the 2030 National Cyber Security Strategy. This shows the government now sees cyber as core to the resilience of our infrastructure rather than a headline-grabbing initiative," said Tim Wedande, Field CTO for Asia Pacific and Japan at Saviynt.

Wedande contrasted Australia's stance with more offensive or productivity-linked cyber funding overseas, and said identity and access controls remain a cost-effective foundation.

"As we move into this broader adoption, maintenance and execution phase, some other countries are taking a different approach. The US has pivoted towards AI proactive defence, with spending increasing on more offensive cyber capabilities via USCYBERCOM. The UK's latest spending review links cyber security to economic productivity. Meanwhile, our neighbour Singapore's recent Cybersecurity Amendment bill focuses heavily on protecting operational technology such as physical utilities and supply chains."

"With 2026 Horizon 2 now under way, an expected level of maturity is set to be rolled out across the whole economy. Being fiscally responsible and doing more with the basics, such as Identity and Access Management, is vital for essential Australian service delivery. It underpins core security controls across humans, non-humans, including agentic AI, within the workforce and across global supply chains. It also supports building the cyber resilience foundation that progresses us towards some of our more cyber-mature allies such as the US, along with our 2029 Horizon 3 ambition to be seen as a world leader in the development and adaptive cyber risk management of advanced AI."

Threat intelligence firm Anomali said the Budget supports modernisation across agencies as AI raises the tempo of attacks.

"The cyber security threat landscape is evolving faster than traditional security operations were designed to handle. AI is enabling attackers to move at machine speed, automating reconnaissance, targeting identities, and compressing response windows from days to hours. As a result, we welcome the government's ongoing investment in Australia's cyber security posture, which will support government agencies to further reinforce digital service delivery, reduce fraud and accelerate modernisation of public sector workforce environments," said Matthew Lowe, Regional Director - Pacific at Anomali.

He said cyber resilience increasingly depends on operational intelligence as digital transformation continues.

"As governments and enterprises continue digital transformation initiatives, cyber resilience increasingly depends on operational intelligence: the ability to rapidly prioritise threats, make decisions faster, and respond with context. The challenge today is helping security teams determine what matters most and what action to take next. This budget will help agencies to further improve productivity and simplify security."

ACS welcomed the Government's $70 million AI Accelerator grants and measures to support greater use of AI in government, recognising the importance of responsible AI adoption to Australia's digital economy.

ACS President Beau Tydd said: "AI continues to reshape roles, capability needs, and career pathways across the technology workforce."

"Building AI capability has enormous potential to lift productivity, strengthen the economy, and improve how government and industry deliver services. It is also essential to manage the risks that come with AI adoption, from governance and accountability to workforce readiness and public trust," said Tydd.

"ACS supports lifelong learning across the technology workforce and is ready to support this agenda through our skills assessment expertise, professional standards, certification pathways and workforce insights," added Tydd.

Tydd added: "Australia will need 1.3 million tech workers by 2030, requiring around 60,000 additional technology workers each year to meet national demand.

"Greater transparency and accountability will help build confidence in skills recognition and support clearer pathways into areas of technology workforce demand," said Tydd.