AICD commissioned research: Keeping pace - Australia's alignment with key countries in cyber security regulatory settings

Monday, 01 May 2023

Boards Cyber security cyber
cyber-obligations-research-cover
DOWNLOAD THE RESEARCH 

To strengthen the understanding of Australia’s current cyber security regulatory obligations and to inform future policy development, the AICD commissioned King & Wood Mallesons (KWM) to research cyber security regulatory settings in Australia and comparator jurisdictions (the UK, Canada, European Union and the USA).

The research sought to capture the array of cyber security regulatory requirements across the five jurisdictions. This scope included economy wide obligations on businesses, industry and critical asset specific requirements, reporting and notification obligations and pending reforms. The research also examined cyber security governance and accountability obligations on directors.

The KWM research finds that Australia is broadly in line with comparator jurisdictions in its overall cyber security regulatory settings, whilst Australian obligations on critical asset owners and systems of national significance are some of the strictest globally.

Notable findings from the research include:

  • There are no specific cyber security duties imposed on directors in any of the jurisdictions. In each jurisdiction directors have general duties of care, skill and diligence to their organisations. In Australia, these general duties are set out in section 180 of the Corporations Act 2001 and as a result directors should be capable of satisfying themselves that cyber security risks are adequately addressed and that organisations are cyber resilient.
  • There is an increasing trend for class action activity against directors for cyber security breaches, particularly in the USA. In the USA actions have been brought on the basis that the board has failed to exercise appropriate oversight of a company’s cyber security. There is far less precedent in Australia for actions against directors in relation to cyber security governance, however this may change with the Privacy Act Review’s recommendations on a direct right of action and a statutory tort for privacy (see AICD’s submission to the Privacy Act Review Final Report for further detail, available here).
  • Critical infrastructure is a dominating focus of current and pending cyber regulatory reforms across all jurisdictions. In general, stronger critical infrastructure and sector-specific cyber security obligations are being introduced to address supply chain and national security risks posed by cyber security threats.
  • In all jurisdictions there are a range of mechanisms and frameworks to facilitate intelligence sharing and support in relation to cyber security threats and incidents although these mechanisms are still largely voluntary. There is a there is a focus in all jurisdictions on enhancing the speed and scale of cyber intelligence sharing and cyber threat blocking.

The AICD drew on the KWM research in its submission to the Department of Home Affairs on the development of the 2023-2030 Australian Cyber Security Strategy. The AICD submission is available here.

Boards Cyber security cyber

Latest research

report 18 Apr 2024
2024 Not-for-Profit Governance Principles – Third Edition
report 10 Apr 2024
Economic uncertainty and governance issues are weighing heavily in the first half of 2024 | Director Sentiment Index 1H 2024
report 21 Mar 2024
Not-for-Profit Governance and Performance Study 2023-24
report 04 Mar 2024
Climate Governance Study 2024: Moving from vision to action
tools 28 Feb 2024
Governing Through a Cyber Crisis - Cyber Incident Response and Recovery for Australian Directors
tools 18 Dec 2023
Governing for quality aged care – A director’s guide
tools 07 Dec 2023
Positive duty: preventing and responding to workplace sexual harassment - Insights from Australian directors
report 04 Dec 2023
CSIRO Climate Change – Science Snapshot 2023: An overview for Australian company directors
report 08 Nov 2023
Confidence in business conditions and the state of the economy has declined significantly in the second half of 2023 | Director Sentiment Index 2H23
tools 24 Oct 2023
A director’s guide to the positive duty to prevent workplace sexual harassment
report 03 Oct 2023
A director’s guide to mandatory climate reporting
report 07 Aug 2023
Top 20 ASX boards reach 40 per cent women
report 31 Jul 2023
Biodiversity as a material financial risk: What board directors need to know
report 17 Jul 2023
Review of the AICD NFP Governance Principles - Discussion Paper
report 21 Jun 2023
Social Issues and the Board: Voice to Parliament
report 01 May 2023
AICD commissioned research: Keeping pace - Australia's alignment with key countries in cyber security regulatory settings
report 19 Apr 2023
Director Sentiment remains in negative territory amid concerns over deteriorating business conditions | Director Sentiment Index 1H23
report 01 Feb 2023
Not-for-Profit Governance and Performance Study 2023
report 21 Dec 2022
Gender diversity of chairs in the ASX 300
report 18 Oct 2022
Australia’s skills shortage has emerged as the number one concern affecting director confidence | Director Sentiment Index 2H22
report 23 Sep 2022
IPOs an opportunity for greater gender diversity
report 22 Jul 2022
Spotlight on ASX 300 appointments
report 30 Jun 2022
Boards and Cyber Resilience Study: Insights into director views and current board practices
report 21 Apr 2022
Director sentiment falls amid global economic uncertainty | Director Sentiment Index 1H22
report 28 Mar 2022
Diversity to support future challenges
This is of of your complimentary pieces of content
Access this content

This is exclusive content.

You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.

Access this content