Posted on 6 Feb 2026
By Greg Austin
This article appeared in UTS:ACRI's Perspectives on February 6 2026. Perspectives is the commentary series of the Australia-China Relations Institute at the University of Technology Sydney (UTS:ACRI), offering research-informed viewpoints on developments and debates in the Australia-China relationship.
In July 2025, the Australian Security Intelligence Organisation (ASIO) partnered with the Australian Institute of Criminology (AIC) to publish a report on The Cost of Espionage affecting the country. This included estimated losses from successful foreign espionage. The report did not estimate the costs to the government of all counter-espionage (trying to defeat foreign spies) but it did offer estimates of costs to firms of cyber defence and indirect costs of being victims of cyber attack.
To quantify the losses, the report focused on economic and commercial espionage in the private sector and not on losses due to espionage against national security, military preparedness of the armed forces or military-related science and technology. The report (p. 6) estimates that Australian businesses and other actors, such as universities, suffered $2.5 billion worth of ‘actual costs’ from theft of intellectual property (IP) and trade secrets in 2023-24. There was an additional estimated value (not an actual cost) for the impact of insider threats related to foreign governments of around $0.3 billion. An insider threat in IP theft espionage terms is where a legitimately engaged employee or contractor makes commercial secrets from the employer available to a foreign government. The methodology for this insider threat estimate in the report does not seem well grounded.
The People’s Republic of China (PRC) is the only perpetrator country of economic espionage named in the report, though the mentions of the PRC are judiciously and sparingly deployed. On the other hand, the PRC has been regarded by many, such as the IP Commission in the United States, as the leading practitioner of industrial espionage that can result in substantial economic loss to its victim countries.
For argument’s sake, we could take the total estimate for Australia’s 2023-24 business losses ($2.5 billion and the insider threat estimate of $0.3 billion) and assume that total of $2.8 billion to be attributable to the PRC. After all, the report asserts that its estimates are conservative (on the low side). In that financial year, national gross domestic product (GDP) reached $2.7 trillion. Thus, the estimate of actual commercial losses from theft of IP or trade secrets, if all were attributed to the PRC, reached just over 0.001 percent of Australia’s GDP.
The report further estimated the national costs of mitigation and counter-espionage to these threats to business, universities or government at $12.5 billion. The report becomes more alarming when it estimates possible costs of extreme events, such as theft of price data in sensitive negotiations, with one price negotiation case cited from 2008 causing an estimated loss of $2 billion (in 2024 prices).
In my view, the report from the AIC and ASIO on the costs of espionage adds little to the debate over PRC commercial and economic espionage to Australia except to raise the question of whether it should be an even lower priority in ASIO’s work. Missing from the report is a convincing methodology or a compelling case study that allows the reader to grasp the severity of the commercial or economic espionage attacks.
The report might have used a classification of seriousness of incidents ranging from low through medium to high, as suggested in a proposal from a 2010 US study cited by the AIC report. If the reader can’t see an open-and-shut case with serious consequences like the bankruptcy of a nationally significant firm because of IP theft, we are left wondering if the threat to the country is that serious.
Such a scalar approach to incidents would be a guide to which ones are worthy of ASIO attention rather than being handled exclusively by the private sector actor involved and the police. IP security might be the primary responsibility of its owner not the government in the majority of cases analysed in the AIC report, but the reader can’t tell.
In contrast, the potential costs to Australia of the PRC’s espionage against targets of national security interest (political and military personnel, military equipment technologists, our intelligence agencies and military plans) may be immeasurable in dollar terms. Such threats are the primary responsibility of our intelligence agencies and must remain of the highest priority.
In fact, the threat from several additional countries on this front alongside the PRC appears to have become more serious in recent years, notably India and Iran.
The PRC remains a grave espionage threat to Australia.
Since the country is re-examining ASIO priorities, especially in the face of the Bondi attack and increasing hate crimes against religious communities, First Nations people, women and LGBTIQA+ people, there is room to ask about the attention paid by ASIO to cases of commercial or economic espionage with less serious implications for the national interest than organised violence.
I posed this question in an article on ASIO in 2024: Is Australia’s security more threatened by foreign spies ‘than by terrorists who may achieve a mass casualty attack involving Australian victims?’
The researchers from AIC have offered a useful set of conclusions but mainly in the field of econometrics on how such economic losses might be estimated for companies affected by IP theft or other forms of commercial espionage. However, in my view, the report falls short in its main aim: to fill a ‘significant gap in our understanding of the harm associated with espionage’.
The AIC report also does not systematically examine what is involved in the theft of IP, how foreign actors process it and how it is fed into their own national industrial or military systems over the long haul. As two European researchers put it, ‘Even if a country had access to all the blueprints and designs of a given weapon system, many crucial aspects would still be lacking’. Moreover, the AIC report fails to analyse at length the prioritisation that states make between high grade national security IP and exclusively civil-use products.
In August 2025, two of Australia’s most prominent analysts put a useful proposition in response to the release of the AIC report: ‘ASIO is the security service, but it’s not our security manager.’ That may be a proposition worth further public exploration when it comes to commercial and economic espionage against Australia.
AUTHOR
Greg Austin
Adjunct Professor, Australia-China Relations Institute | China cyber and strategic policy expert
