On 13 July 2021, the Department of Home Affairs published a discussion paper entitled Strengthening Australia's cyber security regulations and incentives, which focuses on regulatory reforms and voluntary incentives to strengthen the cyber security of Australia's digital economy.
The paper responds to recommendations made by the 2020 Cyber Security Strategy Industry Advisory Panel and seeks public views on the approaches and initiatives proposed.
Three key areas of focus are highlighted:
- Setting clear cyber security expectations, which includes:
  - greater use of cyber security governance standards targeted at large businesses and company boards, potentially including greater liability for directors;
  - minimum enforceable security standards to protect personal information; and
  - mandatory baseline standards to improve the security of smart devices, given the limitations of the voluntary IoT Code of Practice currently in place;
- Increasing transparency and disclosure, which includes:
  - initiatives on cyber security labelling for smart devices to allow consumers to better identify the level of security implemented on, and testing passed by, a device;
  - responsible disclosure policies to facilitate faster and more efficient detection and patching of vulnerabilities; and
  - a small business cyber health check system that incentivises participation with a completion reward that can be used to market adequate cyber risk management;
- Protecting consumer rights via direct legal remedies for consumers, which include:
  - reforming the Australian Consumer Law to address impediments to covering incidents involving cyber security; and
  - introducing a direct right of action for privacy breaches under the Privacy Act.
The proposed cyber security policies are intended to uplift the cyber security of all digitally enabled businesses, and form part of Australia's Cyber Security Strategy 2020. These reforms are an attempt by the Government to achieve its goal of being a leading digital economy by 2030.
The discussion paper stated that "cyber security is a shared responsibility between governments, businesses and the community". As a result, "the government is taking action to mitigate the real and present danger that cybercrime presents to Australians and our economy", said Home Affairs Minister Karen Andrews. "I want to make sure Australian businesses - big and small - are secure and consumers are protected." She also declared that the country "cannot allow this criminal activity to become a significant handbrake on our economic growth and digital security."
A number of the initiatives, if implemented, will have significant implications for many businesses and directors. We will be publishing a follow-up limelight with our more detailed analysis of key proposed initiatives. To stay updated, please share and follow the author on LinkedIn.
If you have any concerns about any of the proposed initiatives or about your cyber resilience, we can assist with a range of services and expertise.