The lack of a coordinated approach to cybersecurity regulation and standards is causing extreme confusion across Australian industries, says Michelle Price, CEO at AustCyber.
During a cybersecurity panel in Sydney last week, Price claimed that cybersecurity and cyber resilience are the true horizontal sector of the economy.
“[Cybersecurity] does touch every single part of the economy and we’re not conceiving of legislation, regulation, standards and guidance with that in mind.
“That does mean all of the sector-specific legislation and regulation standards and guidance has impact for cybersecurity and vice versa.”
However, she said the federal government sees cybersecurity as a national security issue.
“[From this] we’ve got a whole series of legislation that has emerged over the past two years, and there will be more to come. Providing if it is adding and compounding that confusion for organisations who are really at the beginning of their cybersecurity journey in Australia.”
She believes the often-complex interplay between security and privacy standards, regulations and legislation – in Australia and elsewhere for those exporting – contributes to unintended consequences of rapid technological development.
“There’s an overall lack of coordination across the Australian regulatory landscape and it can be hard for businesses to keep pace with this while also contending with supply chain implications, digitisation and workplace cultural disruption.
“The top end of town is finding this challenging to varying degrees in all verticals and the smaller end certainly is.”
Businesses are both leaders and laggards
Australian businesses are simultaneously leaders and laggards when it comes to cyber-readiness and resilience, according to Carl Woerndle, principal advisor of cybersecurity and incident response at technology research and advisory firm Ecosystm.
He said, “Where we fall behind is in the SME space with cost and awareness being driving factors behind their lag in progress compared to enterprise organisations which are forging ahead with improved data security practices.
“However, Ecosystm’s data shows that 80 per cent of Australian enterprises now consider they have mature security controls in place.”
Risk management strategies as well as industry and regulatory compliance requirements are driving the spend, as enterprises step up their efforts to ensure they don’t run afoul of increasingly punitive reporting regimes.
“More than half of the organisations we’ve studied are planning to implement incident response and threat analysis and intelligence solutions this financial year,” said Woerndle.
However, Australian firms have been slow to engage with third-party advisory firms, one of the accepted measures of cybersecurity maturity in the developed world.
Ecosystm’s research has found that just 29 per cent of Australian businesses have done so, compared with the global figure of 50 per cent. Cyber insurance uptake is also low: it stands at 40 per cent in Australia, compared to 64 per cent in the United States.