Business leaders welcome the announcement

Cyber attack

The Australian government will invest $230m over the next four years to boost the country’s cyber security.

Prime minister Malcolm Turnbull last week unveiled a strategy that will consist of five key pillars: strengthening cyber defences, education, partnerships, research and development, and global awareness.

The country’s existing Australian Cyber Security Centre will also be moved from the ASIO headquarters in Canberra to an undisclosed location for easier access to businesses.

The programme will also give the government the ability to launch pre-emptive cyber attacks against hacker “safe havens”. The government will work with allies to shut these safe havens down before they get a chance to strike as part of a global initiative.

Business leaders have largely welcomed the new strategy.

Deloitte Asia-Pacific cyber risk leader James Nunn-Price was part of the government-led roundtables that helped shape the strategy.

He said: “Going deeper on fewer and more targeted initiatives will make a difference, rather than try and cover the hundreds of things clamouring for attention in the cyber security space. In this way government, business and academia can all pull together to focus resources on actions that will make an impact, rather than being spread too thinly.

“By calling out growth and innovation, and nurturing home-grown expertise to generate jobs, we will build a cyber smart nation.”

Nunn-Price added that Deloitte welcomed the call for organisations to notify customers and regulators of a cyber breach, a practice that is already established in the US and is expected to come in to Australia later this year.

The firm estimates that only 14% of Australians had received a privacy notification following a data breach.

But almost one million Australians were estimated to have been victims of online identify theft in 2014.

Leon Fouche, risk advisory partner at consultancy BDO, urged businesses to use the government strategy as a catalyst to review with own cyber resilience.

“Key to this strategy’s effectiveness – and to the protection of all businesses – will be a recognition that cyber security is not just an IT issue but rather a business issue that requires ownership by the c-suite and understanding by all departments,” Fouche said.

“The strategy’s strong focus on collaboration and education also highlights the role every business can play. While the Federal Government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices.”