Govt may make directors liable for data breaches

The federal government may make company directors liable for attack on their companies as part of a proposed suite of cybersecurity reforms.

The government is consulting on measures to improve Australia’s cybersecurity posture in support of the $1.67 billion Cyber Security Strategy 2020.

A discussion paper released for the consultation indicates that the government is considering two alternative approaches — a voluntary model encouraging companies to improve security through various additions or a model involving imposing additional regulatory and other obligations on regulated industries.

The discussion paper suggests that the government is considering introducing an explicit requirement that cybersecurity forms part of the obligations imposed on company directors.

According to the report, as of 2017 only 7% of directors in ASX100 companies said they clearly understood the cybersecurity environment their company operates in.

Other reforms under consideration include stronger cybersecurity standards for the digital economy, more transparent information about cybersecurity and stronger legal remedies for consumers.

Minister for Home Affairs Karen Andrews said with Australian businesses and consumers more active online than ever before, opportunities for cybercriminals to target Australians are increasing.

“The government is taking action to mitigate the real and present danger that cybercrime presents to Australians and our economy. We cannot allow this criminal activity to become a significant handbrake on our economic growth and digital security,” she said.

“I want to make sure Australian businesses — big and small — are secure and consumers are protected. Through this period of consultation, I’m keen to hear from businesses, the critical infrastructure sector, IT experts and the wider public about the solutions and mitigations they propose.”

Image credit: ©stock.adobe.com/au/hikdaigaku86