We provided a submission to the Department of Home Affairs' Strengthening Australia's Cyber Security Regulations and Incentives consultation on 27 August 2021.
In this submission, we thanked Home Affairs for the opportunity to participate in discussions before the submission and reminded it that this work should focus on the rationalisation and harmonisation, not the proliferation, of existing standards. Our submission raised the following points:
- A mandatory approach to large corporate governance should be taken;
- We support the creation of a code, but do not agree with it being created under the Privacy Act;
- Requirements included in the ATO's Digital Service Provider (DSP) Operational Security Framework (OSF) are a great place to start for cost-effective and achievable controls;
- We are also supportive of a mandatory approach for responsible disclosure as we do not believe that a voluntary approach will achieve the desired outcomes;
- We believe that a small business health check would help improve the cyber security of small businesses and the UK's Cyber Essentials program is a good model to consider; and
- The role DSPs play in increasing the cyber security of small businesses should be recognised.
A full copy of this submission can be accessed here.