Earlier this year, we discussed the possibility of the Government implementing CPS 234 like obligations onto ASX listed companies and that all companies should be considering measures to protect themselves and their customers against cyber risk, irrespective of potential government regulation. The Department of Home Affairs has now released as part of its Australia’s Cyber Security Strategy (2020) a discussion paper, Strengthening Australia’s cyber security regulations and incentives (Paper), which discusses options for cybersecurity expectations and standards in corporate governance and in the dealing of information assets by large businesses.
Options for regulating cybersecurity
The Paper raises three options for how the Government could regulate companies in protecting themselves against cybersecurity attacks:
- Status quo – keeping the law as it is and leaving it to large companies to manage their own cyber risks as they see fit;
- Voluntary governance standards – implementing a voluntary standard which describes the recommended responsibilities for large companies and complements the current regulatory regime for cybersecurity. In developing voluntary standards, the…
