Prepare for cyber security compliance update, SMEs urged

According to industry experts, Australian business owners will play a major role in helping the federal government maintain cyber security, with SMEs at the forefront.

Speaking at a seminar hosted by law firm Jones Day, Alastair MacGibbon, Australia’s first special adviser to the Prime Minister on cyber security, said that businesses are important in maintaining Australia’s cyber security.

“The Australian government recognises that we must lead by example when it comes to detecting, deterring and responding to cyber threats and risks,” he said.

“But we cannot do this in isolation. It is absolutely critical we partner with and have the support of businesses to drive and implement the initiatives we outlined in our Cyber Security Strategy.

“Strong cyber defences have much wider-ranging implications than most people realise – [the Cyber Security Strategy] has huge benefits to our economy, improves social opportunities of connecting online and boosts our national prosperity.”

The Cyber Security Strategy is Australia’s draft plan for maintaining cyber security in the coming years.

“Businesses own and operate most of the infrastructure in cyberspace,” the report states.

“They have information about malicious cyber activities on their networks and systems that is not readily available to government agencies.

“On the other hand, the government has access to intelligence and other restricted information about cyber security threats that is not readily available to businesses.”

Adam Salter, a partner in Jones Day’s cyber security, privacy and data protection division, said the bipartisan support for the strategy demonstrated the urgency with which digital security must be addressed.

“Despite several failed attempts to pass mandatory breach notification legislation over recent years, there now appears to be bipartisan support for the current bill before the Parliament, meaning businesses should be taking action now to ensure they are ready to comply with the legislation once it takes effect,” he said. 

“Based on our experience in other jurisdictions that have introduced mandatory data breach notification, such as the US and the EU, companies that are not adequately prepared are at greater risk of being sued by their corporate customers, for breach of privacy obligations embedded in their customer contracts, and by consumer customers,” Mr Salter said.

He added: “In particular, businesses should review (or, if not already in place, develop) risk management and compliance policies and procedures to both prevent data breaches and deal with them, in the unfortunate but increasingly likely event that they occur.”
