Written by staff writer.
Australia’s cybersecurity minister Clare O’Neil says there has been a big shift in how seriously corporate Australia and boards take their responsibilities to protect their organization from cyberattacks.
“We’ve seen corporate Australia get a big wakeup call about their important responsibilities,” she told ABC radio during a September 19 interview. “I have seen a distinct shift in corporate Australia over the past year around how serious this problem is, and I’ve seen board directors who are earnestly and seriously addressing these responsibilities – they’re getting into the detail of the problem, and they are trying to help us protect the country.”
O’Neil’s comments came one day after she outlined her plan to make Australia a world-leading cybersecurity nation by 2030. At a September 18 cybersecurity conference in Sydney, the minister detailed a six-shield strategy, noting that Australia faced its most challenging geographic circumstances since WWII and that cyber would be integral to how it unfolds.
“Over the last year, Australia has faced unprecedented volumes of cyberattacks,” O’Neil told the ABC. “The Optus attack affected nine million Australians, and the Medibank attack occurred three weeks later. But these are only two of what are thousands and thousands of attacks we experience each year. This was a wakeup call to the country and to the government.”
The minister says that since the current government assumed power in May 2022, they have implemented ten significant cybersecurity reforms. The six cyber shields strategy announced this week aims to layer strong cyber protections around individuals and entities.
The strategies revolve around creating a high level of cyber resilience among citizens and businesses; safe technologies; threat sharing and blocking; the protection of critical infrastructure; creating sovereign cyber capabilities; and assisting in building a high level of cyber resilience among Australia’s neighbours.
“Success in these initiatives is not a world without cyberattacks. No government can promise that. But we want to build a world where Australians can trust the digital environment,” O’Neil said.
The minister said one of the reasons why directors focused on their cyber responsibilities was clear laws that articulated directors’ duties towards their customers. She said that the current government fully intended to enforce those laws.
“They (directors) have duties around cybersecurity, and boards have obligations to understand their company’s cybersecurity arrangements.” O’Neil rejected arguments raised during the cybersecurity conference that some directors needed to be more digitally literate and were struggling with their cyber responsibilities. “I would say that the boards I talk to take this seriously. If they are not taking this seriously, and we’ve got directors out there who cannot understand cybersecurity and are not interested, then they certainly should not be serving on boards of Australian companies.”
The minister also tempered hopes of any safe harbour legislation that would protect entities from legal action following the disclosure of a cyberattack. She said the emphasis should be on reporting and managing the immediate crisis response. “None of that should take away from the responsibilities that companies have to meet the laws in Australia, and no one’s going to be taking away any of those responsibilities.”
