On 22 November 2023, the Australian Government released its 2023-2030 Australian Cyber Security Strategy (the Strategy). The Strategy aims to realise the Australian Government’s vision of becoming a world leader in cyber security by 2030. The Strategy seeks to protect Australians by improving cyber security, managing cyber risks, and better supporting Australians and organisations to manage the cyber environment.
Cyber security affects every person in Australia. In the past year, millions of Australians have had their personal information stolen as a result of data breaches. The Hon Clare O’Neil MP, Minister for Home Affairs and Minister for Cyber Security, outlines that on average in Australia one cybercrime is reported every six minutes, resulting in billions of dollars of damage to the Australian economy every year. Furthermore, new technologies are changing the digital environment. The increasing use of artificial intelligence creates both new opportunities and new risks for cyber security.
The Strategy outlines six ‘cyber shields’, which can be summarised as:
- Strong business and citizens;
- Safe technology;
- World-class threat sharing and blocking;
- Protected critical infrastructure;
- Sovereign capabilities; and
- Resilient region and global leadership.
The Strategy is supplemented by the 2023-2030 Australian Cyber Security Action Plan (the Action Plan) which details key actions and initiatives for each cyber shield, and the Government agencies responsible for each action.
The Australian Government intends to work with industry to reinforce these shields and build national cyber resilience. For example, under the Action Plan for Shield One: Strong business and citizens, Action 5 outlines steps that will provide clear cyber guidance for businesses.
The Strategy will be delivered in three phases or ‘horizons’:
- Horizon 1 (2023-2025): aims to address foundations by examining critical gaps in the cyber shields and support improved cyber maturity uplift.
- Horizon 2 (2026-2028): aims to expand the reach by addressing further investments in the broader cyber ecosystem and continuing to scale up in cyber maturity and the cyber workforce.
- Horizon 3 (2029-2030): aims to lead globally and address the development of emerging cyber technologies capable of adapting to new risks and opportunities.
Alongside the Strategy and the Action Plan, the Government has released a Consultation Paper to collaborate with industry to inform proposed legislative reform on:
- new initiatives to address gaps in existing laws; and
- amendments to the Security of Critical Infrastructure Act 2018, to strengthen protections for critical infrastructure.
The Government is inviting the community to make submissions on the Strategy until March 2024.
Strong cybersecurity measures are a requisite part of good governance for any organisation, to mitigate cyber risks and the associated risks of reputational and financial harm. Importantly, the Australian Securities and Investments Commission considers it a director's duty to ensure there is 'good cyber risk management' in order to comply with the Corporations Act 2001 (Cth) (the Corporations Act). Section 180 of the Corporations Act requires directors of organisations to exercise care and skill to defend the business from key risks. Organisations face potential fines or prosecution for non-compliance.
If you wish to further understand or discuss the 2023-2030 Australian Cyber Security Strategy and how you can ensure your organisation complies with cyber security requirements, please contact us at firstname.lastname@example.org.