Accountability for Cybersecurity in Australia—A Major Regulatory and Litigation Risk
There are showers, there are squalls, and there are storms. The growth in cybersecurity attacks in Australia, as in much of the world, is a storm and Australian companies need to batten down the hatches. In the period from 1 July 2019 to 30 June 2020 alone, the Australian Cyber Security Centre ("ACSC") responded to 2,266 cybersecurity incidents at a rate of almost six per day and the ACSC expects the true volume of malicious activity to be much higher.
When you consider the continued increase in cybersecurity attacks in Australia, it is unsurprising that cybersecurity has become a key policy issue for the Australian Government and is considered critical to Australia’s national security, innovation and competitiveness.
This Jones Day White Paper considers the rise of cybersecurity risk for Australian companies, the increasing importance of cybersecurity and cyber resilience from the perspective of the Australian Government policy agenda and Australian regulators, particularly in the financial sector, and the ways in which Australian companies and their individual directors and officers will be held to account for cybersecurity issues moving forward. The paper concludes by addressing the steps companies, and individual directors and officers, should be taking to ensure they are adequately prepared for a cybersecurity incident and to avoid the potential legal, financial and reputational costs to firms.