Cyber Strategy 2020

2020 Cyber Security Strategy Insights

From increased regulation and executive duties to new critical infrastructure obligations – what the 2020 strategy means for your organisation and how to prepare.

Cyber Security Strategy 2020: Overview

The 2020 Cyber Security Strategy forms part of the Government’s commitment to protect Australians from cyber threats. It is backed by significant increases in funding and proposed changes to legislation governing corporations, communities and citizens.

The strategy covers four key themes.

  1. Architecture of Government
  2. Regulation of the private sector
  3. Expansion of the Australian Federal Police’s role in combatting cyber crime
  4. Expansion of the responsibilities of the Australian Signals Directorate

View previous webinar recordings

30 September 2020

Cyber Dialogue Series:

In conversation with Jane Halton AO & Alastair MacGibbon

11 September 2020

Cyber Dialogue Series:

In conversation with Michael Pezzullo AO & Alastair MacGibbon

03 September 2020

Cyber Dialogue Series:

In conversation with Andrew Penn & Alastair MacGibbon

19 August 2020

Cyber Dialogue Series:

In conversation with Malcolm Turnbull & Alastair MacGibbon

Key announcements likely to impact your organisation

  • Executive responsibility

The 2020 Cyber Security Strategy makes clear that the Government plans to introduce cyber security regulations for corporations.

In the same way as Workplace Health and Safety is now fully accepted as a board responsibility, soon boards and executives will be held accountable for cyber security risk management.

  • Critical Infrastructure

The strategy aims to broaden the definition of critical infrastructure from the current focus on water, electricity, ports and telecommunications. It identifies 3 tiers of critical infrastructure. Each tier carries a different set of obligations.

Critical infrastructure entities at the lower end of the scale will not attract additional regulation. A middle tier of ‘regulated critical infrastructure entities’ will be required to meet a ‘positive security obligation’. A third tier, owners of ‘systems of national significance’, will additionally be subject to ‘enhanced cyber security obligations’.

This will likely have implications for your organisation if you are part of our most vital connected systems, for example, the financial sector, food supply chains, health, transport and government.

  • Small and Medium sized organisations

Regulation may extend to small and medium businesses. Clearly understanding your organisation’s obligations will be an essential first step to ensure you’re ready for the onset of planned regulation.

Preparing for change with CyberCX

The strategy sets out a clear direction that should motivate organisations to plan, budget and proactively prepare for the onset of new regulation.

Our security and strategy advisers have identified two key activities to assist you in better understanding the changes that this strategy will usher in:


Director level training and awareness

We can brief your board and leadership team on the 2020 strategy including our detailed discussions with Government and the expected direction of the legislation.

Cyber security posture assessment

A primary goal of the strategy is to uplift organisations’ cyber security awareness and the risk management of systems.

To help you understand your current security posture and identify gaps, our team can run an organisational audit to analyse your business operations, existing policies and compliance requirements. We can then develop a security transformation plan to help you achieve a positive security posture and meet regulation introduced by the strategy.

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.