"The proposed Cyber Security Act 2024 walks a tightrope between protecting our industries and implementing effective and workable regulation for business," said Innes Willox, Chief Executive, Australian Industry Group.
"As Ai Group recommended to the Government, we are pleased to see lower-risk SMEs exempted from ransomware reporting obligations. Small businesses do not pose significant systemic cyber risks, and so shouldn't be burdened by onerous and disproportionate compliance obligations.
"We also welcome the decision to align new national standards for consumer grade connectable products (or IoT) with international standards making efforts. This will ensure Australia is interoperable with approaches used in our trade partners, can contribute to international standards making, and reduces the regulatory burden on our businesses.
"Ai Group supports the limited use obligation for information provided to the Australian Signals Directorate and the National Cyber Security Coordinator. When a business is in the midst of a managing a cyber incident, they need to be confident that engagement with these entities is confidential and won't lead to further negative impacts. The expansion of assistance the Government can offer a business, who has volunteered information during an incident, must be genuine support a business welcomes in responding to, mitigating and resolving a cyber security incident.
"Ai Group welcomes the establishment of the Cyber Incident Review Board (CIRB), an independent advisory body conducting no-fault, post-incident reviews of significant cyber security incidents in Australia. It is imperative that the board has a range and depth of expertise, particularly from industry.
"Continuously evolving cyber threats necessitate further investment in enterprise capability, workforce knowledge and skills. Industry is already investing heavily in cyber security as part of their technology investment but efforts can be constrained by workforce capabilities. We urge the Government to continue to work collaboratively with industry and invest to grow our workforce knowledge and skills to increase our cyber capabilities," Mr Willox said.
Media enquiries
Gemma Daley – 0418 148 821
