"Ai Group welcomes the Federal Government's National Cyber Security Strategy 2023-2030 announced this morning. It is a strategy that is sensitive to the realities of business," Innes Willox, Chief Executive of the national employer association Ai Group said today.
"Although there is no immediate ban on paying ransoms for the next two years, the mandatory reporting of any incident will provide the Government with information about whether banning ransoms will achieve its intended goals.
"We look forward to working with the Government in the design of the legislation of a no fault, no-liability ransomware reporting obligation. However, it is important to remember just who are the criminals and who are the victims in ransomware attacks. Companies are targets in the same sense that fish in the sea are targets for a net, and a blanket rule may not be the best strategy.
"It is essential that Governments and industry continue to work together in a collaborative manner to achieve the same goal of ensuring a strong, adaptive and resilient economy for all Australians to be ahead of the constantly evolving cyber threats we all face.
"The announcement of new funding to support our largest cohort of businesses in the country is a welcome step in enhancing cyber capabilities across our economy. We know that Australian industry is already actively engaged and investing in cyber security. However, there are a range of capabilities across businesses – gaps remain particularly for our medium and smaller enterprises.
"The increased investment in developing the cyber skills of the workforce is much needed as shown by Ai Group in our recent report on the cyber readiness of industry. We found that small and medium businesses faced cyber risks without the workforce investment capability larger firms have. Support to increase the cyber skill levels of of our workforce is needed.
"The pragmatic steps to uplift cyber security standards in our region and supply chains will ensure that Australian companies can trade with greater confidence. As our supply chains become increasingly digital and integrated, we will only be as secure as our weakest link," Mr Willox said.
Ai Group research on business cyber capability released last week