Efforts to ramp up Australia's response to the threat of attacks have placed it among the best-performing Asia-Pacific nations on a measure of their cyber capabilities.
Defence think tank the Australian Strategic Policy Institute ranked Australia equal second with Japan out of 25 nations for cyber policies in a report released on Tuesday that said the region's nations had grown more mature in responding to the threat.
Only the United States, which in 2016 suffered Russian interference in its presidential election, performed better than Australia in this year's report on regional cyber security.
The federal government's appointment of a cyber ambassador, a role filled by Tobias Feakin, and its creation of a special assistant ministry and positions advising the Prime Minister on cyber security were among decisions that earned Australia's high rank among nations in responding to the threat.
While these appointees had advanced cyber security, the government needed to better clarify their roles and responsibilities, especially in regard to Australia's cyber offensive capability, the ASPI report said.
Further change would come after the 2017 Independent Intelligence Review recommended that the Australian Cyber Security Centre receive a broader mandate as the national cyber security authority, and also argued for more clarity about ministerial responsibility for the issue.
Australia's computer emergency response team took up more responsibility for government cyber security programs and opened its first joint cyber security centres in Brisbane in February and Melbourne in October.
The government also announced it would form a 900-staff Information Warfare Division, responsible for cyber operations within the Australian Defence Force, and has declared it has conducted cyber operations against ISIS.
The Asia-Pacific avoided a major cyber security incident in 2016-2017 - such as an attack on critical national infrastructure - and most online criminal activity was still perpetrated by non-state groups making significant revenue with little risk of prosecution, the APSI report said.
Many of the region's countries used cyber security laws to impose or strengthen information control and censorship, it said.
Follow Doug Dingwall on Twitter.