McKinsey’s $1m cyber strategy contract has no ‘core policy work’


Joseph Brookes
Senior Reporter

Consulting giant McKinsey won’t be doing any “core policy work” on Australia’s upcoming cybersecurity strategy, despite being handed a $950,000 contract to manage the project this month.

The six week contract from the Department of Home Affairs will pay nearly $20,000 a day to McKinsey, the former employer of  Home Affairs and Cybersecurity minister Clare O’Neil.

Ms O’Neil’s office declined to comment on the contract, revealed by InnovationAus.com on Tuesday, directing questions to the Home Affairs department.

It said there was no real or perceived conflict of interest in the engagement and that McKinsey would be providing “project management, policy analysis and other support”.

digital people consultants

Ms O’Neil worked for McKinsey as an “Engagement Manager” between 2009 and 2013. The consultancy stint was bookended by Ms O’Neil’s time as a policy advisor to the Treasurer Wayne Swan in 2008 and her election as the Member for Hotham in 2013.

“The Minister for Home Affairs and her office were not involved in the request for quote, the evaluation, or the selection of the preferred tenderer,” a spokesperson for the department said.

It has declined to say exactly what outputs McKinsey would provide, but said the company would not stray into core policy work, according to the spokesperson.

“The tenderer was not engaged to undertake core policy work. They were engaged to provide project management, policy analysis and other support.”

The contract is for services only and has no commitment for a minimum number of McKinsey staff working on the project, the spokesperson said.

The tapping of McKinsey, which had struggled to win federal contracts throughout 2022 after the criticism of its modelling work in Australia’s net-zero plan and several international scandals, comes despite an Albanese government pledge to slash its use of consultants.

But McKinsey’s expertise was needed for the development of the government’s 2023-2030 Australian Cyber Security Strategy, which is aiming to make Australia “the world’s most cyber-secure country” by the end of the decade.

“Consultants were engaged to provide specialised knowledge and expertise consistent with the Commonwealth Procurement Rules,” the Home Affairs spokesperson said.

An expert advisory board has also been established for input on the strategy. It released a discussion paper in February outlining several proposals for the strategy.

Do you know more? Contact James Riley via Email.

2 Comments
  1. Elizabeth 2 years ago

    How many project managers does it take to change Australia’s cybersecurity strategy? Whatever McKinsey can provide for $20,000 a day. But no minimum commitment? Where do you get these gigs? Do the consulting and advisory services of Australia need to know a minister or 10 to win the same sort of deal? There are amazing cyber businesses all over Canberra and the country – Aussie born and funded. Why does the government continue to overlook local SMEs? I wonder if the SME would charge $20k/day for this service? Maybe that’s the issue! Gotta get rid of the budget before 30 June!

    • Digital Koolaid 2 years ago

      Hi Elizabeth. Mariana Mazzucato explains this. Here’s a link hxxps://www.youtube.com/watch?v=6PbYGgkdywY&t=46s

Leave a Comment