On 13 July 2021, the Australian Government opened consultation on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia’s digital economy.
Among the issues being canvassed are governance standards for large businesses. Feedback is being sought on whether existing frameworks are sufficient, or whether additional measures, either voluntary or mandatory, should be developed.
A voluntary governance standard would describe the responsibilities of large businesses and the processes for managing cyber security risk, and would support the role of company boards in overseeing that risk. Mandatory standards would go further, requiring large businesses to achieve compliance within a specific timeframe.
Among possible future directions, some are suggesting that directors may be held legally responsible for egregious cyber security negligence in their companies, according to Telstra CEO, Andy Penn.
Penn, who is also chair of the Government’s Cyber Security Industry Advisory Committee, says too many Australian organisations remain under-prepared for escalating cyber risks. He backed proposals to strengthen obligations on directors, but said the degree of responsibility should depend on the significance of the company’s products or services.
Importantly, Penn advised that more needs to be done to make corporate leaders aware of cyber security risks at a time when malicious cyber criminals are becoming more brazen and sophisticated in targeting governments, businesses and global supply chains.
Many corporate cyber security chiefs struggle to persuade boards of the importance of adequately investing in cyber security. However, it is critical that directors understand the range of cyber security risks their organisation is likely to face, so they can provide appropriate resources to mitigate the risks.
CyberCX offers comprehensive Board and Executive Cyber Literacy training. This suite of courses is designed to enable boards to stay ahead of cyber risks using innovative learning techniques customised to executive leadership. Contact us today to learn more about executive cyber training.