I think we can all agree that the Australian government has demonstrated its will to empower our country, its organisations and citizens to be more secure online. Australia has become a prime target for bad actors, and like my counterparts, I appreciate a government with a hands-on approach—one that recognises the criticality of cybersecurity.
From updates to our Privacy Act, or the latest rules for Critical Infrastructure, to the upcoming cybersecurity strategy, we are seeing a vocal and proactive leadership spearheaded by Minister for Home Affairs and Cyber Security The Hon Claire O’neil MP, which is what we need to not only steer the Australian ship, but also strengthen it to ensure we stay the course in rough waters. Australia can only achieve this if our leaders create the right framework of laws, and adopt measures that will foster awareness and education, protection and collaboration.
At a crucial time in our short cybersecurity’s history, the upcoming Strategy will be the instrument that guides this effort, and it is only natural that it is built taking the industry’s insights, perspectives and suggestions into account, which is the purpose of the current consultations.
With this activity-filled backdrop, we recently asked 300 Australian tech and IT leaders what they thought should be a priority in the next cybersecurity strategy, in order to better understand our users’ and customers’ needs and inform our conversations.
When asked about the measures they would like to see in the upcoming Cyber Security Strategy, Australia’s tech decision-makers called for tougher laws around online privacy and data protection to be the main priority (49%), an opinion likely bolstered by the major cyber incidents that occurred in 2022. A large majority of respondents (70%) said that their business leaders were more willing to allocate more budget to cybersecurity after those incidents. I’ll wager the continued anger from individuals about organisations misusing or failing to protect their personal data is also having an influence. In any case, let’s hope the amendments to the Privacy Act will answer organisations and citizens’ will to reinforce privacy and data protection in our country.
Further underlining the industry’s appetite for stronger rules for Australian organisations and their cybersecurity efforts, another priority was “reinforcing cyber security regulations for all Australian businesses” (36%). However, tech leaders were less inclined to increase the personal accountability of individual business leaders and/or board members, with less than one in three pushing for targeted sanctions for major data breaches (29%). This seems to contrast with the government’s desire to increase personal liability, as we see from the latest rules governing critical infrastructure leaders.
In this area, I believe spreading security