Notitia's take on how the 2023 - 2030 Australian Cyber Security Strategy will impact you
In the last few months we’ve seen a rush of action towards establishing a united front to defend our Australian shores from cybercrime.
In February, Prime Minister Anthony Albanese appointed a National Coordinator for Cyber Security, announced at the Cyber Security Roundtable, as part of the under progress 2023 - 2030 Australian Cyber Security Strategy.
The Privacy Act Review Report, had been released a few weeks prior, containing 116 proposals to strengthen and modernise the act, with feedback open to the public (until March 31).
In December, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 increased the maximum penalties for serious privacy breaches to (the greater of): $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of an entity’s adjusted turnover in the relevant period.
In 2023, business leaders will experience an increased pressure from clients, customers, shareholders, board of directors, regulators, to get up-to-speed on cyber security best practice.
Will government investment stop cyber attacks?
The short answer is, no.
But, with the right approach (if the strategy works - read here what needs to happen) what it will do is reduce the risk to a manageable level.
It will also place an onus on businesses to take a proactive approach for managing data as well as the expectation from current and potential customers of those businesses to have in place a comprehensive and proactive cyber security approach.
Investment in cyber security is what Australians have been waiting to see, but why hasn’t this happened until now and what improvements can we expect from here?
2023 - 2030 Australian Cyber Security Strategy
The strategy discussion paper lays out the ambition for Australia to become the most cyber secure nation by 2030. Core policy areas and potential options, outline interventions that we might see by the end of the year:
Regulatory Reform:
- Consideration of a Cyber Security Act that draws together cyber-specific legislative obligations and standards.
- Further developments to the CSOCI Act such as including customer data and ‘systems’ in the definition of critical assets to ensure the powers afforded to government extend to major data breaches.
- Less ambiguous regulatory frameworks: stakeholder feedback has demonstrated the need for more explicit specification of obligations, including some form of best practice cyber security standards.
- More streamlined reporting obligations and response requirements following an incident.
International Cyber Security Strategy
- Work better with international partners to protect ourselves and respond to incidents.
- Shape global thinking particularly with emerging technologies and contribute to international technology and security standards.
- Ensure that investments in areas of economic opportunity (health, infrastructure and education) are also underpinned by effective cyber security.
Securing Government data as an example to others
Ahead of the game, the government has admitted that they “should stand out as an exemplar of cyber security”. However, the Commonwealth Cyber Security Posture in 2022 report “reveals government agencies have a long way to go to properly secure government systems.”
In fact, only 11% of entities in the report reached “Overall Maturity Level 2” and the majority are “yet to implement basic policies and procedures”.
Other policy options for consideration
- Improved information sharing with industry on cyber threats, looking to international mechanisms and suggestions from the Australian community.
- Best practice models for automated threat blocking at scale.
- Addressing the skills shortage of cyber security professionals.
- Clarification of what the victims of a cyber attack can expect to happen in response to an incident.
- A consistent understanding of what consumers, small and medium sized enterprises (SMEs) and other organisations must take to enhance their cyber security.
- How Australia can create an environment that attracts investment in cyber security and other critical technologies.
- A Robust Data Governance methodology and approach which is actively monitored and assessed within a business which includes proactive Data Lifecycle management
Read these articles, for more cyber security insights:
➡ It's every Australian businesses' responsibility to protect our data. So, why hasn't this happened?
➡ Let's take a look at best practice.
Questions about cyber security, data governance, data quality or data strategy? Contact us to chat.
About Alex Avery, Notitia Managing Director + Founder
>Questions about how we can help? Book a meeting.
Alex Avery, Notitia Founder and Managing Director, heads our operations in Melbourne and Adelaide to provide data analytics and digital transformation services to more than 60 clients across Australia.
He is highly regarded for his ability to quickly analyse complex operational scenarios and provide workable solutions to achieve business objectives. This, along with considerable experience in the management of technical and business teams across both project environments and "business as usual" is the reason why most of clients have come via word of mouth.
An Honorary Research Fellow with the University of Melbourne, Alex is across all things data and is passionate about applying analytics for societal benefits.
Having spent close to a decade working across Australian and global startups, Big 4 consulting and academia, Alex launched Notitia in 2019, which has since skyrocketed in growth.
Today, Alex leads his expanding team across data + analytics, design + development + strategy to help Australian clients solve their data challenges.
He sees technology as an enabler and partners with the biggest vendors to utilise best of breed software. With the right technology and expertise, Alex says that problems of any size can be solved through valuable insights from accurate data.