Under a suite of reforms being considered by the Federal Government, board directors could be held personally responsible if a company suffers a cyber attack due to inadequate risk management.
Outlined in a discussion paper released to industry mid-year, the proposed cyber security governance standards would seek to improve cyber security risk management practices in listed companies and other large businesses. The standards would be co-designed with industry and could be mandatory or opt-in.
Quoted in both Information Age and The Age, Minister for Home Affairs Karen Andrews said the government was “taking action to mitigate the real and present danger that cyber-crime presents to Australians and our economy.”
Speaking with the AICD’s October Company Director Magazine, Australian Information Security Association President Damien Manuel said company directors need to “manage cyber as a business risk, rather than being obliged to tick a compliance box which won’t move the needle.”
The Australian Strategic Policy Institute’s Exfiltrate, encrypt, extort report argues ransomware is a threat that’s right here, right now and calls for:
- legal clarity around the issue of paying ransoms and mandatory reporting
- greater transparency in reporting, alerts and information about ransomware attacks
- incentivising cyber security uplift and a public education campaign highlighting the dangers of ransomware.
Cyber in 5: Damien Manuel on why cyber is everyone’s issue
Damien was a guest speaker at a client roundtable in the first half of 2021. Here’s what he shared: