Critical infrastructure providers, such as banks, defense contractors, and power and telecommunications companies, will be required to report cyber security incidents to the Australian Cyber Security Centre as part of this new cyber security strategy. This will ensure greater transparency regarding the state of cyber security in Australia.
This comes after the Centre found that the private sector has been underreporting cyber incidents, to the disadvantage of its peers.
As Tillett writes in the article, “The center’s danger report, which was released the previous month, showed the agency responded to 2266 cyber events in 2019-20.” The federal and state governments were responsible for 35% of the reports.
Even though the head of the Australian Cyber Security Centre, Abigail Bradshaw, speculates that this could be because private organizations are trying to “protect commercial reputation” or are “concerned about the market response,” she makes it abundantly clear that disclosing a cyber breach not only protects you, but it also protects the “next victim.”
Who, then, is accountable for monitoring and reporting cyber events that occur within major organizations? And what is the most effective strategy to manage cyber risks so as to prevent big security breaches and events from happening in the first place?
Alex Pagoulatos, COO at SubRosa, believes that cyber risk management should be approached from the top down. Board directors and other business leaders should be the ones to identify key cyber risks, which should then be managed, tracked, and ultimately reported in order to facilitate quick responses and transparency.
According to Alex, “now is the moment to manage your risk in a systemized and transparent way, as government mandates for cyber risk reporting are on the horizon.” “With the increasing amount of cybercrime, and on the horizon are government mandates for cyber risk reporting.”