Intelligent CIO APAC Issue 06 | Page 77


There are very significant fines attached to a breach of the regime, in particular, where companies have not met their obligation to protect their data and the information relating to individuals.
4. Directors’ cybersecurity duties and Australian Consumer Law
The Australian Competition and Consumer Commission (ACCC) has a number of statutory powers under the Australian Consumer Law which could be exercised to take action against businesses that fail to properly prepare for cyber-risks.
While the ACCC has to date focused on educating and informing Australian businesses about cybersecurity issues, it has similar powers to the FTC in the US, which it could use to punish and/or deter harm caused to consumers by businesses with lax cybersecurity, including around false or misleading representation and fit for purpose.
Poor cybersecurity practices – for example, providing an online payment service with insufficient protection for consumers’ credit card or personal information – may be a breach of the provisions of the ACL.
Conclusions
There are a range of potential legal liabilities that may flow from an organization’s failure to adequately address cybersecurity issues. While there needs to be an appropriate recognition of the separation between board and executive responsibilities, doing nothing is not an option, as ignorance of a company’s cyber obligations is not a defense.
A good place to start can be the Australian Government Cybersecurity Operations Center’s (CSOC) ‘Questions senior management need to be asking about cybersecurity’ or the website of the Australian Office of Information Commissioner. Today, directors and boards must be supporting critical cybersecurity defense initiatives of their businesses to enable them to discharge their obligations under the Corporations Act.
Commit to hiring – and keeping – top talent
Australia is suffering from a severe cybersecurity skills shortage and the sector will need an additional 17,000 workers by 2026, according to AustCyber’s most recent reckoning. A substantial number of positions continue to go unfilled, a situation which only exacerbates the pressure on those holding the fort. While higher education institutions are racing to plug the gap with new courses and qualifications, it will be some years before demand and supply align. Against that backdrop, developing a plan to attract new employees to your security team and retain the skilled talent whose efforts are keeping your enterprise protected from attack is critical.
Support a strategic cybersecurity plan
Many security departments manage threats by throwing technology at the problem. As a result, they own an array of disparate solutions. Integrating and maintaining those solutions takes time and, in a thinly stretched security team, that’s a commodity that’s in perennially short supply.
Taking a step back and developing a strategic technology plan can mean better protection for your organization and fewer headaches for security personnel. Encouraging them to review their technology stack and invest in a solution that provides a single view of real-time threats can make it possible for them to identify and neutralize potential attacks before the enterprise is compromised significantly.
Make security everyone’s responsibility
Employees can be the strongest and the weakest links in the cybersecurity chain. A healthy cyber culture will make the job of your security team easier, by making the business of protecting corporate systems and data into everyone’s responsibility.
Fostering it starts at the top, with senior leaders who throw their support behind cybersecurity training and awareness initiatives and recognize and reward individuals who do the right thing.
Protecting the team that protects the business
In 2020 Australia, cyberattack is no longer a mere irritant; it’s an existential threat. Doing all you can to support the team whose daily efforts can prevent disruption and disaster isn’t just the right thing to do, for people under pressure – it’s sound business practice that will serve your organization well.