Cyber Security: It’s every Australian businesses’ responsibility to protect our data. So, why hasn’t this happened?

If the past year brought out a new flavour, it would taste a lot like lack-of-security frustration, mixed with a solid dose of cyber vulnerability and a dash of data exposure.

March 28, 2023

If the past year brought out a new flavour, it would taste a lot like lack-of-security frustration, mixed with a solid dose of cyber vulnerability and a dash of data exposure, says Notitia Director Lisa Byrne.

"We’ve seen large-scale cyber threats and the consequences of poor cyber security, against the backdrop of a growing digital economy," Lisa says.

"It brought the realisation that we, as a nation, don’t do enough to protect data (particularly customer and patient data) and the clock is ticking."

In the last few months we’ve seen a rush of action towards establishing a united front to defend our Australian shores from cybercrime.

Last week, Prime Minister Anthony Albanese appointed a National Coordinator for Cyber Security, announced at the Cyber Security Roundtable, as part of the under progress 2023 - 2030 Australian Cyber Security Strategy.

The Privacy Act Review Report, had been released a few weeks prior, containing 116 proposals to strengthen and modernise the act, with feedback open to the public until March 31.

In December, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 increased the maximum penalties for serious privacy breaches to (the greater of): $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of an entity’s adjusted turnover in the relevant period.

Historical lack of investment in cyber security

Cyber security has been a critical part of data strategy and data governance for decades.

What has not happened in this time, however, is the critical level of investment and maturity required, across all businesses and institutions, for it to be successful as a frontline defence, says Lisa.

"Largely, Australian cyber security policy has relied on businesses to take ownership and responsibility of their own data security."

What are some of the reasons why this hasn’t been successful?

  • Ambiguous cyber security policy framework around obligations and best practices has not given clear direction to businesses.
  • Knowledge gaps in small business and the misconception that an organisation or business isn’t an attractive target or has valuable data - when it’s estimated that small businesses are the target for 43% of attacks. (need reference link)
  • Prior to December 2022, there has not been enough penalties in place to act as a deterrent, such as the European Union’s General Data Protection Regulation (GDPR).
  • Overall, a lack of (or ineffective) cyber security awareness and education campaigns targeted at Australian businesses, during the critical stages of their growth and maturity.
  • Targeted education campaigns to position businesses to understand the reactive cost and risks should an attack happen vs the cost of implementing a proactive cyber security plan
  • Data strategy maturity. Not having the right plan in place that has been industry-proofed by experts from in and outside of the business.

Cyber Security isn't just about the "technical stuff". In fact, much of the work is led as part of data strategy and data governance, via a company-wide approach.

Dealing with cyber risks is listed in the top #3 of key challenges that Australian business leaders will face this year, according to a KPMG report released in January.

KPMG Australia surveyed a mix of C-Suite executives and board members from private sector enterprises and senior public sector executives, with 473 responses.

40% of total respondents said that "dealing with cyber risks" was in their Top 5 challenges this year.

But how many business leaders are positioned in 2023 to executive a company-wide approach to data privacy and security?

Read these articles, for more cyber security insights:

Hard to miss, it's been a big 12 months (and still going).

➡ We read the 2023-2030 Australian Cyber Security Strategy, so you don't have to.

Let's take a look at best practice.


Book a meeting with Lisa to chat about your data quality, data strategy & cyber security needs.

Lisa Byrne has 30 years' industry experience in Business Intelligence, Data Governance, CyberSecurity and Master Data Consultant, together with MBA, CPA and GAICD qualifications and specialist skills in developing Business Intelligence solutions - including data warehouse project management, master data and business process optimisation.

Not only is Lisa highly regarded for the ability to analyse complex operational scenarios and provide workable solutions to achieve business objectives, she also has considerable experience in the management of effective medium to large technical and business teams across project environments and ‘business as usual’.