Biosecurity is a key part of risk management, with environmental breaches potentially causing billions of dollars in damage.
When imported red fire ants were first discovered on Australian soil in 2001, border authorities launched an eradication initiative that would prove to be the nation’s costliest. Decades later and with $873m spent up to 2023, according to the Invasive Species Council, the ants continue to breach Australian borders. Along with posing deadly risks to humans, the financial toll is staggering. The ants could inflict $22b of damage on the agriculture, machinery and infrastructure industries if they are not eradicated by the 2040s, according to 2024 data from the Australia Institute.
For companies relying on international trade, biosecurity is an integral part of compliance and risk management. This includes informing authorities of more than 100 notifiable diseases listed by the Department of Agriculture, Fisheries and Forestry (DAFF). In the worst-case scenario, a pest or a disease could infiltrate a supply chain and spread to the broader market, resulting in countless animals or produce being destroyed.
“A biosecurity incursion can disrupt a business,” says Adrian Turner GAICD, co-founder and CEO of biosecurity threat management platform ExoFlare. “It could cause it to lose market access, which means losing the ability to sell your product. We saw that in September, in South Australia with Perfection Fresh, whose tomatoes had a fungal disease (tomato brown rugose fruit virus), which resulted in them having to stand down about 500 workers. Aside from the weather, biosecurity is probably the biggest risk to business continuity and operations in agribusinesses. It’s also the biggest shadow trade lever in the world.”
A director can be held liable for their company contravening the Biosecurity Act 2015, explains Paul Welling, head of the litigation and dispute resolution team at KHQ Lawyers. “It is a civil penalty contravention, whereby if you have been reckless or negligent, you can face a personal fine as a result.”
He adds that a court will consider the steps a director takes to ensure compliance, including obtaining a professional review of existing compliance steps, whether any recommended steps were actually followed through, and what knowledge the director had — or should have had.
“In the same way a director has general obligations under the Corporations Act 2001, in terms of their duties to inform themselves and be aware of the company’s operations, a director needs to be sufficiently aware of what the company is doing in relation to biosecurity, and to ensure it’s got proper procedures in place,” says Welling.
He believes that until recently, the penalties did not adequately reflect the gravity of a biosecurity incursion. Those penalties have since been ratcheted up. Penalties for breaching the Biosecurity Act 2015 depend on the type of offence and whether it was committed by an individual or a corporation. For a category 1 offence, individuals can be fined up to $1.1m or jailed for three years. Companies can be fined up to $2.2m.
Connecting the dots
Turner first recognised the parallels between biosecurity and cybersecurity in 2022 while leading the information and communications technology stream for a national genomics mission at Data61, the data and digital specialist arm of the CSIRO.
“I was around people who were helping me understand what genomics and programming life (adapting biological life to suit human purposes) really means,” he says. “I asked them, ‘Where are the guardrails?’ But there weren’t any. The issue of biosecurity consumed me. I couldn’t sleep. I started to think about the second and third-order consequences to the world for biosecurity incursions. I believe biosecurity is existential. We’ve got to be able to feed the eight billion people on the planet, and agriculture is a $100b industry for Australia in terms of exports. The food and beverage manufacturing industry is the country’s largest [manufacturing] sector. Being able to protect it from these sorts of risks is critical.”
Like cybersecurity, biosecurity is a networked risk. It is in everyone’s collective best interest to prevent breaches. This requires cooperation rather than rivalry, even among business competitors.
ExoFlare is building a biosecurity threat-management platform modelled on cybersecurity principles. It combines data and IT systems with genomics and pathology. ExoFlare was founded in 2022 by Silicon Valley veteran Turner and strategic risk expert Chris Aitken. Its team members include chief product and technology officer Richard Webby, who was head of technology for the Walt Disney Company, and chief product marketing officer Andrea Koch, who was on the board of the National Farmers Federation and led the development of the Australian Farm Data Code.
“Our platform generates structured data to provide visibility of risks, both within a company and also across the entire value chain,” says Turner. “As a company, you can identify where there are risk hot spots within operations and partner networks.”
ExoFlare has taken cues from leading cybersecurity firms such as Palo Alto Networks, an American multinational cybersecurity company that has built a unified threat management platform. “We’re building a similar platform to protect the US$10.5 trillion global food system from biosecurity threats,” says Turner. “We are leading the world in this.”
The company’s goal is to bolster the resilience of organisations to biosecurity incursions, but it is critical for businesses to be on the front foot. Like a data breach, the speed of detection and response is critical, as is training employees to prevent breaches and test systems in “peacetime”.
“In the first instance, you want to understand the assets and make sure the right policies and procedures are in place, the right security controls and the right sort of monitoring,” says Turner. “Having digital biosecurity security records is also fundamental to building trust with regulators to be able to get up and running faster after a biosecurity event.”
Strengthening collaboration
This viewpoint is shared by the Deputy Secretary of Biosecurity, Operations and Compliance, Justine Saunders GAICD APM, who was recently appointed to the role at the Department of Agriculture, Fisheries and Forestry (DAFF). “Biosecurity challenges demand innovative approaches and the ability to respond quickly to rapidly changing risks, while ensuring long-term preparedness,” she says. “The increasingly complex and fast-moving strategic and operating environments mean that no single entity can succeed alone.”
Saunders’ focus is on strengthening collaboration across sectors through industry partnerships, and bolstering a national eradication program for those imported red fire ants.
Following an outbreak of the H7 strain of high pathogenic avian influenza (HPAI) that resulted in Australia’s largest avian disease incident at the start of 2024, Saunders established a formal HPAI preparedness taskforce. It has Commonwealth, state, territory and industry stakeholders. “With no means to prevent the virus’ entry via migratory birds, our focus is on enhancing our preparedness and response capabilities,” she says, using terms that echo cybersecurity experts.
Turner notes that biosecurity should be included in the established risk register, with consistent reporting at board level. “Biosecurity has to be digitised to be able to quantify the residual risks and show it in dashboards,” he says. “It should be a standing agenda item at board meetings, as is the case with cyber today.”
Saunders says biosecurity must be seen as a critical element of corporate strategy, integral to long-term sustainability and resilience. “For directors, this means viewing biosecurity as part of corporate social responsibility and integrating it into risk management frameworks.”
She emphasises collaboration with government and industry is essential to achieve a resilient biosecurity system, urging boards to participate in the Biosecurity Business Network Program, which launches this year. It will provide tools, resources and materials to help businesses strengthen biosecurity measures across sectors. Companies will also be invited to take a biosecurity business pledge. “This pledge will offer businesses the opportunity to demonstrate their commitment to protecting Australia’s biosecurity and to integrate proactive measures into their operations and supply chains,” says Saunders.
Biosecurity breakdown by the numbers
Australian Bureau of Agricultural & Resource Economics & Sciences, Invasive Species Council, Australian Bureau of Statistics, Department of Agriculture, Fisheries & Forestry
108 - The number of notifiable diseases companies and organisations should be alert to
$5.3b - Estimated cost of established pest animals and weeds to Australian agricultural producers
$873m - Amount spent up to 2023 on the eradication of red fire ants, which continue to breach Australian borders
257,000 - Number of people employed by the Australian agricultural sector
$80b - Estimated cost of a multi-state outbreak of foot-and-mouth disease (FMD) over 10 years
This article first appeared under the headline ‘Germ warfare’ in the March 2025 issue of Company Director magazine.
Latest news
Already a member?
Login to view this content