(Image: AAP/Lukas Coch)

If the government were serious about protecting Australia's businesses and governing institutions from "sophisticated state-based cyber actors", there's a pretty simple thing it could do: instead of using security flaws in widely used software for commercial espionage, it could alert software manufacturers to them.

But it won't do that, because nonsense like Friday's cybersecurity media conference -- in which a prime minister and his defence minister breathlessly announced the nation was under attack -- are about theatre and distraction.

The follow-up to Scott Morrison's histrionics was today's warning that businesses would -- in news that must have gladdened the hearts of every CIO in the country -- be forced to invest in greater cybersecurity. Except, the government's latest cybersecurity strategy, being assembled by the Keystone Cops of the Home Affairs Department, is already months late.