Cyber security  paper for consultation

Cyber security  paper for consultation

For more information

Cyber Insurance

The  Department of Home Affairs has  released a  cyber security  paper for consultation, seeking feedback on a range of proposed options to strengthen the economy’s defence against ransomware and other digital threats.

A portion of the paper deals with governance standards for the business community, which at present is left to manage cyber threat as it sees fit.

The paper flagged two options for consideration if the status quo was to be scrapped.

The first would involve the development of a voluntary cyber security governance standard,  laying out  the responsibilities of large businesses and processes for managing cyber security risk, supporting the role of company boards overseeing the threat.

But this  would not require specific technical controls to be implemented  and will complement existing regulatory requirements.

The second option involves a  standard similar to the first proposal but  large businesses would be required to achieve compliance within a specific timeframe. Entities covered by existing regulation, such as responsible entities for critical infrastructure, would not be covered by this policy.

The paper says the second option means larger businesses will improve their cyber security governance in a timely manner, resulting in better management of cyber threats.

But it says the costs associated with mandating governance would be high as a large number of businesses would be required to comply.

If implemented, the government would have to allow a significant amount of time for businesses to shift their governance structures and ensure they are able to comply with the mandatory standards.

The paper says regulatory costs may be passed on to consumers.

“On balance, a mandatory standard may be too costly and onerous given the current state of cyber security governance, and in the midst of an economic recovery, compared to the benefits it would provide,” the paper said.

The paper says cyber security incidents cost the Australian economy $29 billion annually or 1.9% of gross domestic product.

Citing the Australian Cyber Security Centre, the paper says the threat is increasing in scale, frequency and sophistication.

“If no action is taken, the costs and consequences of cyber security incidents are likely to rise over time as more economic activity moves online and the number of connected devices grows,” the paper said. “COVID-19 is just one factor driving this trend.”

Law firm Clyde and Co says there is currently significant political pressure on the government to take action in respect of cyber risk and its impact on the Australian economy.

It says it is unlikely that the government will opt for the status quo at the conclusion of the consultation period.

The law firm says the discussion paper highlights that cyber security must be a fundamental part of all organisations’ risk management practices.

“Boards will face increasing scrutiny to maintain effective data governance practices to mitigate against cyber incidents, including data breaches,” Clyde and Co said.

“Whether standards are voluntary or mandatory, if an organisation suffers a cyber incident and are not able to demonstrate that they have adequate policies and procedure in place, directors may be exposed to claim.”

Closing date for submissions is August 27.

Click  here for the discussion paper and here for the submission form.

Contact HDL for your Cyber Insurance needs

If you would like to discuss Cyber Insurance, contact us.

The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact HDL.

HDL news, updates and publications may contain links to non-HDL websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by HDL, as we have no responsibility for information referenced in material owned and controlled by other parties. HDL strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Find this article helpful? Click on one of the links below to share the content.