The Australian Institute of Company Directors (AICD) has welcomed the national Cyber Security Strategy 2023-2030, released today by the Federal Minister for Home Affairs and Cyber Security Clare O'Neil.
The AICD acknowledges the significant work undertaken to deliver the Strategy, which is a key milestone in Australia's journey to become a world leader in cyber security.
In particular, the AICD recognises the efforts of the Cyber Security Expert Advisory Board - Air Marshal Mel Hupfeld, Andy Penn, Rachael Falk - and Home Affairs, in laying the foundations for this Strategy.
The extensive process of engagement and consultation with business, academia, experts and community groups has made the Strategy stronger, and reinforced the team Australia approach which is needed.
AICD Managing Director and CEO Mark Rigotti said cyber security continues to be top of mind for Australian directors and is consistently cited in our Director Sentiment Index (DSI) as the number one thing that's keeping them awake at night.
"As organisations battle increasing and evolving cyber threats and attacks, Australians need to have confidence that our economy can operate within a secure and trusted digital environment.
"Directors understand that strong cyber governance is a non-negotiable, and we have been delighted to see more than 20,000 downloads of the Cyber Security Governance Principles, developed by AICD and the Cyber Security Cooperative Research Centre, since their release last year."
The AICD endorses the proposed 'limited use provision' to support real time information sharing between business and government. This will allow critical information to be provided to key agencies in the early stages of a cyber incident, without the fear of regulators using it in future.
The AICD also welcomes the potential of a single online reporting portal to help companies navigate mandatory obligations and reduce the compliance burden.
While we support the new reporting requirements for ransom demands, it is important that no blanket ban on payment has been proposed. Further guidance to support industry is critical and has been highlighted in the Strategy.
The AICD also sees the introduction of a no fault review process following major incidents, to be led by the Cyber Incident Review Board, as an important practical step. It has great potential to lift national resilience by allowing lessons learned to be shared broadly.
The AICD stands ready to support the Government as it collaborates with industry on the Strategy's implementation.
Download the media release here.