{"id":862,"date":"2021-07-20T14:22:00","date_gmt":"2021-07-20T14:22:00","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=862"},"modified":"2023-10-03T06:20:16","modified_gmt":"2023-10-03T06:20:16","slug":"tough-new-cybersecurity-rules-on-the-way-for-australian-businesses","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/tough-new-cybersecurity-rules-on-the-way-for-australian-businesses\/","title":{"rendered":"Tough new cybersecurity rules on the way for Australian businesses"},"content":{"rendered":"\n
<p>Australian businesses could be made to meet minimum cybersecurity requirements and face tougher penalties for cyber attacks under new rules proposed by a government discussion paper \u2013 and it\u2019s not a moment too soon.<\/p>\n\n\n\n
<p>Home Affairs Minister Karen Andrews unveiled the discussion paper, <em>Strengthening Australia\u2019s cyber security regulations and incentives<\/em>, earlier this week. The paper reveals the government is considering a number of cybersecurity-focused reforms to help deliver on last year\u2019s <em>Cyber Security Strategy<\/em>.<\/p>\n\n\n\n<p>\u201cWe cannot allow [cyber] criminal activity to become a significant handbrake on our economic growth and digital security,\u201d Ms Andrews said.<\/p>\n\n\n\n<p>\u201cI want to make sure Australian businesses \u2013 big and small \u2013 are secure, and consumers are protected.\u201d<\/p>\n\n\n\n<p>The paper is focused on incentivising Australian businesses to invest in cybersecurity, and reveals the government is considering making company directors personally responsible for cyber attacks, in the same way that they can be held personally liable for breaches of workplace health and safety.<\/p>\n\n\n\n<p>\u201cIt is widely accepted that cyber security risks are an increasingly important set of risks that most large businesses, including those established in the corporate form, need to oversee and manage,\u201d the paper reads.<\/p>\n\n\n\n<p>\u201cHowever, there is no explicit requirement that cyber security forms part of many existing obligations, including those applicable to directors.\u201d<\/p>\n\n\n\n<p>The paper flags the introduction of clear minimum expectations on businesses to manage cybersecurity risks, and proposes legal remedies for consumers when businesses fall victim to cyber attacks.<\/p>\n\n\n\n<p>The paper also raises the possibility of a cybersecurity code being added to the Privacy Act, and the introduction of mandatory expiry dates for Internet of Things devices.<\/p>\n\n\n\n<p>The paper says both mandatory and voluntary requirements are being considered, and flags that while a mandatory standard may be \u201ctoo costly and onerous\u201d for businesses, a voluntary system could lead to lower compliance.<\/p>\n\n\n\n<p>Even a voluntary approach would see new cybersecurity standards written into the ASX\u2019s corporate governance rules and practices, so companies that chose not to adopt them would be forced to explain why to their shareholders.<\/p>\n\n\n\n<h3>New rules<\/h3>\n\n\n\n
<h3>The cost of cybercrime<\/h3>\n\n\n\n