Government’s cyber policy is overhyped and underfunded


At the time, the government said cybersecurity incidents cost Australian businesses $29 billion a year. As part of the new strategy, it committed a grand total of $1.67 billion to address the problem, spread over 10 years.

Cybercrime incidents rise 13pc

That equates to $167 million a year. In other words, the government planned to address the problem of cybercrime by investing less than half a percent of what the problem is actually costing the country.

Since that announcement the problem has steadily worsened. In the year ended last June 30, the Australian Cyber Security Centre (ACSC) reported more than 67,500 cybercrime incidents, an increase of almost 13 per cent from the previous year.

That equates to one reported cyberattack every eight minutes, as opposed to one every 10 minutes in the previous financial year.

As we sit here today, a large amount of Australia’s digital infrastructure is in dire need of cybersecurity transformation. That transformation will require true leadership and large-scale investment over the long term, not a patch job that delivers a positive headline.

To achieve this, the government needs to focus on policy setting that encourages business investment in preventative measures. It also needs to better equip and resource the various law enforcement agencies to be more proactive in intercepting and preventing cybercrime threats against Australian businesses.

There is a key role here for the government to meet the pressing need to further drive cultural change in the country’s boardrooms by investing in ongoing awareness and education on the very real risks of cybercrime in the business sector.

The current challenge is that most compromised businesses don’t publicly talk about their experiences as there is a sense of shame, or failure, often associated with being a victim.

This, in turn, means many business leaders are not attuned to the prevalence of the risk and the potential consequences of a successful attack.

The result is underinvestment and a false sense that “it won’t happen to us”.

With current geopolitical events, such as Russia’s war on Ukraine, there is no doubt that the cybercrime threat will only continue to grow. Indeed, the ACSC recently warned Australian businesses to be on heightened threat levels due to the unrest and to “urgently adopt an enhanced cybersecurity posture”.

Embracing the digital revolution

Going back to the tax break announced in the budget, unfortunately it is extremely limited and poorly targeted.

Under the plan, deductions are only available to businesses with revenue of less than $50 million. That is a mistake: the urgent priority should be to provide incentives and targeted support to larger businesses, which are most often targeted given they offer the cybercriminal groups the greatest rewards.

The larger the business, the greater the risk of damage or disruption to the Australian population and economy.

Yes, it’s great that the Australian government acknowledges the need for functional and up-to-date digital infrastructure; as Frydenberg said, the bonus deduction is aimed at cutting the cost of going digital and backing businesses that were “embracing the digital revolution”.

But the strategy and the money that they are throwing at it won’t facilitate any real change. As the Harvard Business Review pointed out earlier this year, “effective cyberdefence is a long game requiring sustained strategic investment, not a last-minute bolt on”.

While there have been some small beacons of light over the past government term – such as the $43.8 million invested in training and skills development to improve the quality and quantity of cybersecurity professionals in Australia – there is so much more that needs to be done.

A good starting point would be a proper, long-term government strategy that has the levels of investment required to make it a success.

Meanwhile, it will be up to leaders across corporate Australia and the digital industry to drive awareness and investment in cybersecurity preparedness because, as difficult a pill as it is to swallow, spending money on avoiding a cybersecurity attack is nowhere near as bitter as paying a criminal over the odds to unlock your systems to retrieve your data.


