Skip to main content

Cyber just got promoted: what WA's new Digital Strategy means for anyone selling to government

In the 2026–2030 strategy, cyber moves from a single line to a standalone operating model - and the buying landscape has shifted under vendors' feet.

Avatar
Ben Gray 27 June 2026 · 2 min read
Cyber just got promoted: what WA's new Digital Strategy means for anyone selling to government

What WA's new Digital Strategy really signals for cyber - and the vendors selling to government

Western Australia published its Digital Strategy 2026-2030 this month, and if you work in cyber or sell to government, it deserves more than a skim.

The headline most people will miss: cyber has been promoted. In the 2021–2025 strategy, security sat as one priority among four - "Safe and secure" - and within it, cyber was a single line about improving resilience. In the new strategy, Protected information and systems stands on its own as a full priority, with three operational objectives: setting standards and skills, continuous monitoring and threat intelligence, and rapid incident response and recovery.

That's not a wording tweak. It's cyber moving from an aspiration to an operating model.

Three changes stand out to me.

First, the centre now has teeth. The old strategy talked about a whole-of-government operations centre in terms of visibility. The new one describes a WASOC monitoring more than 100 government systems around the clock, a shared vulnerability scanning service agencies can plug into, a central capability uplift unit, and the WA Government Cyber Security Policy as the instrument every agency is measured against - analysed annually. WA isn't asking 100 agencies to each solve cyber on their own. It's building the capability centrally and pulling agencies up to it.

Second, cyber is now treated as an emergency. The Cyber Security Unit has been named the Hazard Management Agency for cyber incidents - the same machinery WA uses for bushfires and floods. When a government frames a risk that way, mandate and funding tend to follow.

Third - and this is the quiet one - the strategy has turned inward. The 2021 vision was about the citizen: convenient services, life events, digital inclusion. The 2026 vision leads with the public sector itself - "a digitally capable public sector, collaborating." Digital inclusion, a standalone priority last time, has been folded away. Meanwhile a genuinely new lane has opened: the responsible, safe adoption of new technology - AI governance - which didn't appear in the 2021 document at all.

So what does this mean if you're a vendor?

The buying landscape has shifted under your feet. The strategic decisions - platforms, monitoring, threat intelligence - increasingly sit with the centre: the Office of Digital Government, the Cyber Security Unit, the WASOC. But the policy still has to be met agency by agency, and most agencies need help getting there. That's effectively a two-tier market: central platform plays, and agency-level uplift and compliance services. The vendors who win will be clear about which one they're in - and stop pitching the wrong one to the wrong buyer.

It also means your message has to match the strategy's language. Posture uplift. Continuous monitoring. Threat intelligence sharing. Resilience. Rapid recovery. If your offer maps cleanly to one of those three objectives, you're speaking the buyer's language. If it doesn't, you're noise.

And if you sit in GRC, data protection or AI assurance, Priority 3 is your opening. Government has just told you, in writing, that adopting new technology safely is now a stated objective.

The strategies worth reading aren't the ones that describe a vision. They're the ones that describe how the money will move. This one does.

Published by

Ben Gray Portfolio Director, Cyber Security & Risk - ANZ, Public Sector Network