In the last few months we’ve seen a rush of action towards establishing a united front to defend our Australian shores from cybercrime.
In February, Prime Minister Anthony Albanese appointed a National Coordinator for Cyber Security, announced at the Cyber Security Roundtable, as part of the 2023 - 2030 Australian Cyber Security Strategy, which is still under development.
The Privacy Act Review Report had been released a few weeks prior, containing 116 proposals to strengthen and modernise the Act, with feedback open to the public (until March 31).
In December, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 increased the maximum penalties for serious privacy breaches to (the greater of): $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of an entity’s adjusted turnover in the relevant period.
In 2023, business leaders will experience increased pressure from clients, customers, shareholders, boards of directors and regulators to get up to speed on cyber security best practice.
Will government investment stop cyber attacks?
The short answer is no.
But with the right approach, and if the strategy works, what it will do is reduce the risk to a manageable level.
It will also place an onus on businesses to take a proactive approach to managing data, and create the expectation among current and potential customers that those businesses have a comprehensive and proactive cyber security approach in place.
Investment in cyber security is what Australians have been waiting to see, but why hasn’t this happened until now and what improvements can we expect from here?
2023 - 2030 Australian Cyber Security Strategy
The strategy discussion paper lays out the ambition for Australia to become the most cyber secure nation by 2030. Its core policy areas and potential options outline interventions that we might see by the end of the year:
- Consideration of a Cyber Security Act that draws together cyber-specific legislative obligations and standards.
- Further developments to the CSOCI Act such as including customer data and ‘systems’ in the definition of critical assets to ensure the powers afforded to government extend to major data breaches.
- Less ambiguous regulatory frameworks: stakeholder feedback has demonstrated the need for more explicit specification of obligations, including some form of best practice cyber security standards.
- More streamlined reporting obligations and response requirements following an incident.
International Cyber Security Strategy
- Work better with international partners to protect ourselves and respond to incidents.
- Shape global thinking particularly with emerging technologies and contribute to international technology and security standards.
- Ensure that investments in areas of economic opportunity (health, infrastructure and education) are also underpinned by effective cyber security.
Securing Government data as an example to others
Ahead of the game, the government has admitted that they “should stand out as an exemplar of cyber security”. However, the Commonwealth Cyber Security Posture in 2022 report “reveals government agencies have a long way to go to properly secure government systems.”
In fact, only 11% of entities in the report reached “Overall Maturity Level 2” and the majority are “yet to implement basic policies and procedures”.
Other policy options for consideration
- Improved information sharing with industry on cyber threats, looking to international mechanisms and suggestions from the Australian community.
- Best practice models for automated threat blocking at scale.
- Addressing the skills shortage of cyber security professionals.
- Clarification of what the victims of a cyber attack can expect to happen in response to an incident.
- A consistent understanding of the steps that consumers, small and medium-sized enterprises (SMEs) and other organisations must take to enhance their cyber security.
- How Australia can create an environment that attracts investment in cyber security and other critical technologies.
- A robust data governance methodology and approach, actively monitored and assessed within a business, that includes proactive data lifecycle management.
Questions about cyber security, data governance, data quality or data strategy? Feel free to reach out to Lisa to chat.
Lisa has 30 years' industry experience as a Business Intelligence, Data Governance, Cyber Security and Master Data consultant, together with MBA, CPA and GAICD qualifications and specialist skills in developing Business Intelligence solutions, including data warehouse project management, master data and business process optimisation.