Home Affairs Minister Karen Andrews says the escalating wave of cyber attacks needs to be countered. Credit: Alex Ellinghausen
“The government is taking action to mitigate the real and present danger that cyber crime presents to Australians and our economy,” she said. “I want to make sure Australian businesses – big and small – are secure and consumers are protected.”
The extra responsibilities for directors of large Australian companies, similar to those they already have for workplace health and safety, will be canvassed in a government discussion paper on cyber-security reforms.
The cyber-security standards to be co-designed with industry will cover corporate governance, smart devices and the handling of personal information. It has not yet been decided whether the new standards, which were first floated in the 2020 Cyber Security Strategy, will be mandatory or companies will opt in.
The discussion paper says a mandatory regime may be “too costly and onerous given the current state of cyber-security governance and in the midst of an economic recovery”. It appears to favour the voluntary model but warns there is a risk that industry “may not substantially adopt the standards and could continue to manage cyber risk as it currently does”.
Under the voluntary approach, the new standards could be written into the ASX’s corporate governance rules and practices, which would at least force companies that did not adopt the requirements to explain why to shareholders.
The federal government also wants more transparency covering internet-connected devices including “security labelling” and better disclosure of vulnerabilities, as well as clear legal remedies for victims of cyber attacks.