Joint statement with AISA: Raising our cyber security posture, regulating for purpose - strengthening Australia’s cyber security regulations and incentives (September 2021)
The private sector is particularly impacted when cyber risks materialise. Directors and Officers of companies are in a unique position. They have a vested interest in ensuring the safety and security of their IP and workforce, obligations they increasingly take seriously.
The Australian Government, through parallel statutory and policy reform processes, is seeking to respond to the contextual issues it has identified as important in relation to cyber security.
To inform this process, in mid-2021, the Australian Information Security Association (AISA) undertook a survey of Directors of listed and non-listed Australian companies, as well as public institutions, NGOs, cyber professionals and executives across an audience of over 7,000 individuals.
AustCyber and AISA jointly analysed these responses, including qualitative feedback received, to provide an overview of the perceived cyber risks and complexities in the practice of cyber security facing directors, boards and companies. From this feedback, we identified salient themes in relation to how respondents felt Government, and indeed industry, should respond and better engage across stakeholders. These can be read alongside the Recommendations Report of the NSW Cyber Security Standards Harmonisation Taskforce, released in early 2021, which outlines a range of existing standards, including in specific sectors of the economy.
To provide a framing for Government as these policy, regulatory and legislative reforms are considered, we outline a set of common principles to assist decision-makers. These are not intended to be exhaustive, but to function as a baseline. We look forward to further engagement with our respective Members and Stakeholders, to evolve these principles as the reforms being proposed by Government are considered.