At A Glance
- Megan Motto emphasises board-level digital literacy as crucial for cyber risk management.
- Recent cyber attacks highlight the urgency of enhanced corporate cyber preparedness.
- Government introduces stringent cyber requirements for telecommunications sector.
- Industry leaders stress proactive, ethical governance in response to cyber threats.
Insights from Industry Experts on the Federal Government’s Latest Cybersecurity Initiatives
The Australian federal government's recent announcement of the 2023-2030 Cyber Security Strategy has prompted a surge of reactions and analysis from industry experts and peak bodies, spotlighting the evolving landscape of cybersecurity and corporate governance.
Megan Motto, CEO of the Governance Institute of Australia, provided a critical perspective on this development in a Radio National interview. She emphasised the escalating complexity of cybersecurity threats and the need for Australian boards to enhance their crisis management preparedness in this digital age.
"51% of Australian boards are hindered by a lack of technology skills"
- Megan Motto, Chief Executive Officer of Governance Institute of Australia
A striking revelation from Motto was the deficiency in board-level digital and data literacy, a skill she regards as essential as financial or legal literacy in today's digital environment.
"51% of Australian boards are hindered by a lack of technology skills," Motto noted, stressing the need for a collective digital savviness amongst board members, rather than relying on a single expert.
"It's not a matter of if, but when a breach will occur"
- Megan Motto, Chief Executive Officer of Governance Institute of Australia
The recent Optus outage served as a real-world example of the challenges facing large organisations. "It's not a matter of if, but when a breach will occur," Motto remarked, emphasising the importance of robust frameworks and decision-making processes to effectively manage such incidents.
This sentiment aligns with broader regulatory initiatives. The Australian Securities and Investments Commission, led by chairman Joe Longo, has indicated a firm stance on holding board directors and executives accountable for inadequate cyberattack preparations. This approach, articulated at the Australian Financial Review Cyber Summit, underscores the regulator's commitment to enforcing stringent cybersecurity measures.
The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) and the Security of Critical Infrastructure Act 2022 have been instrumental in this regard, introducing enhanced obligations and government assistance measures for improved resilience.
The Department of Home Affairs, under the leadership of Minister Clare O’Neil, plays a pivotal role in this strategy. O’Neil's announcement highlights the need for telecommunications companies to comply with stringent cyber requirements, a response to recent significant cyber incidents affecting companies like Optus.
The narrative of accountability and preparedness extends beyond governmental directives. Chris Proctor, Telecoms Practice Associate Director at NCC Group, reacts to the heightened cybersecurity requirements for the telecom sector, recognizing the global trend of increased security measures in critical national infrastructure.
Motto's interview and the collective industry response underscore the urgent need for expert leadership and a shift in corporate governance perspectives. The reliance on third-party experts or a single risk expert on the board is no longer sufficient. Instead, a proactive, ethical, and well-informed approach is required to navigate the increasingly interconnected and digital world of today.
In conclusion, the Australian federal government's Cyber Security Strategy has set in motion a significant discourse on the role of corporate governance in cybersecurity. The emphasis is clear: boards must proactively engage in cyber risk management with the necessary resources, skills, and ethical frameworks to meet global standards and effectively manage the evolving landscape of cyber threats.
