2020 Cyber Security Strategy Insights
From increased regulation and executive duties to new critical infrastructure obligations – what the 2020 strategy means for your organisation and how to prepare.
Cyber Security Strategy 2020: Overview
The 2020 Cyber Security Strategy forms part of the Government’s commitment to protect Australians from cyber threats. It is backed by significant increases in funding and proposed changes to legislation governing corporations, communities and citizens.
The strategy covers four key themes.
- Architecture of Government
- Regulation of the private sector
- Expansion of the Australian Federal Police’s role in combatting cyber crime
- Expansion of the responsibilities of the Australian Signals Directorate
View previous webinar recordings
- 30 September 2020: Cyber Dialogue Series: In conversation with Jane Halton AO & Alastair MacGibbon
- 11 September 2020: Cyber Dialogue Series: In conversation with Michael Pezzullo AO & Alastair MacGibbon
- 03 September 2020: Cyber Dialogue Series: In conversation with Andrew Penn & Alastair MacGibbon
- 19 August 2020: Cyber Dialogue Series: In conversation with Malcolm Turnbull & Alastair MacGibbon
Key announcements likely to impact your organisation
- Executive responsibility
The 2020 Cyber Security Strategy makes clear that the Government plans to introduce cyber security regulations for corporations.
In the same way as Workplace Health and Safety is now fully accepted as a board responsibility, soon boards and executives will be held accountable for cyber security risk management.
- Critical Infrastructure
The strategy aims to broaden the definition of critical infrastructure from the current focus on water, electricity, ports and telecommunications. It identifies 3 tiers of critical infrastructure. Each tier carries a different set of obligations.
Critical infrastructure entities at the lower end of the scale will not attract additional regulation. A middle tier of ‘regulated critical infrastructure entities’ will be required to meet a ‘positive security obligation’. A third tier, owners of ‘systems of national significance’, will additionally be subject to ‘enhanced cyber security obligations’.
This will likely have implications for your organisation if you are part of our most vital connected systems, for example, the financial sector, food supply chains, health, transport and government.
- Small and medium-sized organisations
Regulation may extend to small and medium businesses. Clearly understanding your organisation’s obligations will be an essential first step to ensure you’re ready for the onset of planned regulation.
Preparing for change with CyberCX
The strategy sets out a clear direction that should motivate organisations to plan, budget and proactively prepare for the onset of new regulation.
Our security and strategy advisers have identified two key activities to assist you in better understanding the changes that this strategy will usher in:
Director level training and awareness
We can brief your board and leadership team on the 2020 strategy, including our detailed discussions with Government and the expected direction of the legislation.
Cyber security posture assessment
A primary goal of the strategy is to uplift organisations’ cyber security awareness and the risk management of systems.
To help you understand your current security posture and identify gaps, our team can run an organisational audit to analyse your business operations, existing policies and compliance requirements. We can then develop a security transformation plan to help you achieve a positive security posture and meet regulation introduced by the strategy.