Escalating geopolitical tensions, cyber warfare, supply chain shocks, artificial intelligence and skills shortages are reshaping how organisations assess risk. In this climate, digital sovereignty – the ability to control and secure a nation’s critical digital infrastructure – has become a strategic imperative.
Recent cyber incidents have exposed vulnerabilities in national systems, while the pandemic underscored the risks of offshore dependence. For business and government alike, the question is no longer whether digital sovereignty matters, but how quickly the capability can be built.
Nick Sone, chief customer officer at Australian-founded, owned and operated systems integrator Brennan, said digital sovereignty is ultimately about ensuring control, capability and confidence that essential systems will continue to operate regardless of global instability.
“Digital sovereignty means knowing that critical data, systems and the skills to manage them remain in Australian hands, even when global conditions change,” Mr Sone explained.
A new risk landscape
Public sector agencies, critical infrastructure operators and large enterprises are grappling with more frequent attacks and more stringent compliance requirements.
The Australian Cyber Security Strategy, the federal government’s overarching roadmap for strengthening Australia’s cyber-resilience through to 2030, sets the direction for improving national resilience.
It works alongside the Essential Eight mitigation strategies developed by the Australian Cyber Security Centre, and the Information Security Manual (ISM), which outlines detailed security controls to help organisations protect systems, applications and data.
Together, these frameworks define expectations. Yet, designing and maintaining compliant systems has become more complex, often requiring specialised expertise that is in short supply.
“The cadence, intensity and precision of cyber attacks have consistently climbed, year-on-year. But with the advent of AI opening a new and worrisome front, the threats are set to evolve faster than traditional models can keep up, making it even more crucial we invest in and build up Australia's sovereign capabilities,” Mr Sone said.
Australia is expected to face a shortfall of tens of thousands of cybersecurity professionals in coming years. For CIOs and CTOs, the focus is shifting from questioning the need for sovereign capability to determining how it can be built at pace.
The case for homegrown tech partners
The federal government’s Buy Australian Plan and Digital Sourcing Framework are helping reset procurement priorities, placing greater emphasis on domestic providers who can offer secure, scalable services without reliance on overseas jurisdictions.
In 2022–23, the Commonwealth spent $74.8 billion on goods and services, including more than $7 billion on computing, software and communications. There is a compelling argument that a greater share of this spend should remain onshore.
This is where Australian-founded providers like Brennan are stepping up. As Australia’s largest sovereign systems integrator, Brennan delivers cybersecurity, networking, cloud and artificial intelligence services for enterprise and public sector clients.
Being Australian-owned and operated means local knowledge and know-how informs local decision-making, faster responses and a deeper understanding of regulatory requirements.
"Digital sovereignty isn't solely about data being stored in Australian date centres, although that is a crucial component. It's about having infrastructure, governance and skilled Australian knowledge workers in place to protect and manage it,” Mr Sone said.
“We punch above our weight on the global stage, but we could and should be doing more to elevate our prowess at home.”
Strengthening capability through investment
Brennan’s recent acquisition of Canberra-based CBR Cyber has accelerated its expansion in the public sector and broadened its pool of security-cleared professionals.
The partnership has also paved the way for a dedicated sovereign Security Operations Centre (SOC), providing advanced threat monitoring for government and critical infrastructure clients. This will complement Brennan’s existing hybrid SOC, which supports hundreds of enterprises nationwide.
According to Mr Sone, several key shifts are required to advance Australia’s sovereign capability. First, government policy and procurement processes must evolve to prioritise sovereign providers, particularly where they can deliver value, security and scale.
Secondly, local technology firms need to work more collaboratively, showcasing their expertise and innovating alongside their customers rather than competing in isolation.
And third, long-term sovereignty depends on people: Australia must invest in developing cybersecurity, cloud and digital capability locally through targeted training, apprenticeships and stronger partnerships with universities and TAFEs.
“We're under no illusion this will be an easy or quick cake to bake. But we have all the ingredients, tools and skills to meet the growing appetite for Australia's sovereign capabilities. What we may need more of is the orchestration to pull it all together.”
Creating resilience
As businesses integrate more digital systems, they also introduce more external dependencies. Sovereign partnerships can provide a safety net – not by closing the door to global collaboration, but by ensuring core capabilities remain under Australian control.
This is particularly relevant for sectors like government, mining, healthcare, energy and defence,. These sectors rely heavily on uninterrupted operations and trusted data flows.
“Any disruption has consequences not just for business, but for national security and economic stability,” Mr Sone said.
“As we’ve recently seen with conversations around rare earth minerals, disruptions or even the threat of disruptions has profound consequences - not just for business, but for economic stability and even national security.”
Australia needs to be able to run and protect its own digital systems. In Western Australia, the engine of national exports and energy supply, this isn’t just a security issue; it’s about resilience and economic opportunity.
“Investing in sovereign technology means investing in Australian skills and IP. It keeps money onshore, grows local cybersecurity talent and builds long-term resilience across the economy,” Mr Sone said.
“Building capability locally also drives innovation and supports jobs. Across nearly every metric worth measuring, the elevation of digital sovereignty delivers tangible dividends to Australia.”
A call to action
Digital sovereignty is about preparing Australia for an uncertain future. With the right investments and partnerships, sovereign capability can strengthen security, deliver greater economic resilience and improve outcomes for businesses and the public.
As geopolitical and cyber threats continue to escalate, the question is no longer whether Australia can afford to invest in digital sovereignty, but whether it can afford not to.
To learn more about how sovereign technology solutions can strengthen your organisation, visit Brennan at https://www.brennanit.com.au/
