Key Points:

Cyber Security requires constant vigilance and adaptation. There is no "set and forget solution".

Governments, including the Australian Government, are increasing its cyber security efforts as attacks on Australia's networks risk billions of dollars lost to the economy each year.

On 7 December 2015 the Australian Government announced it will provide funding of $30 million through to 2019-20 to establish a Cyber Security Growth Centre (CSGC) as part of its National Innovation and Science Agenda.

With the global cyber security market currently worth over $71 billion (USD) and estimated to grow to $170 billion (USD) by 2020, the Australian Government expects the CSGC will create business opportunities and reinforce Australia's cyber security industry.

In this article, we will identify the risks of cybercrime to businesses and explain how improved cyber security can facilitate businesses to become more economically competitive and innovative in light of the Australian Government's CSGC and strategy on cyber security.

The "Ideas Boom" with Cyber Security as a "critical new sector"

Under the National Innovation and Science Agenda (NISA) the Australian Government wants to drive a so-called "ideas boom" to bolster innovation and help Australia transition away from the mining boom.

The NISA identifies cyber security as a "critical new sector". An essential aspect of the NISA focuses on meeting the growing demand for innovative cyber security solutions that will empower all Australian businesses to operate with trust and confidence online and allow innovation to flourish.

The Department of Prime Minister and Cabinet Cyber Security Review (2015) found that cyber security connects people, creates new markets for businesses and fosters the innovation that will create jobs and allow Australia's economy to grow. Notably, strong cyber security gives Australian business a competitive advantage in an increasingly connected market.

Australian businesses and researchers have expressed that they want a co-ordinated national approach to cutting-edge cyber security research and innovation. The Australian Government expects this can be achieved by establishing an industry-led CSGC to promote security and growth for Australia online.

The Australian Government expects the CSGC to be an exciting opportunity to become a world leader in cyber security change and innovation, and that businesses will be able to access other aspects of the NISA to innovate, invent and apply new ideas to develop Australia's cyber security.

What is the Cyber Security Growth Centre?

The CSGC is the first initiative to be implemented under the Australian Government's Cyber Security Strategy to improve Australia's security performance and is expected to be operational by mid-2016. It will be an independent, not-for-profit company, led by a board of industry leaders who will work together with researchers and governments to form a national security innovation network.

According to the Australian Government the CSGC will identify and address industry needs, develop a strategic vision for Australia to become a global leader in the cyber security industry and attract investment from multinationals.

The Australian Government expects that the CSGC will enable Australia to:

  • become a global industry leader;
  • improve access to global supply chains and international markets;
  • help Australian businesses and governments to address the growing threat of cybercrime;
  • improve engagement between research and business;
  • improve management and workforce skills; and
  • bring about regulatory reform

The strategy for the CSGC is due for public release next year after the conclusion of a classified review of Australia's security policies by the Department of Prime Minister and Cabinet.

Why is cyber security important?

Cybercrime poses a serious and evolving threat to Australia's national security, economic prosperity and social wellbeing. Corporations and governments are faced with ever present cyber-attacks - ranging from disgruntled employees to organised cybercriminals and nation-states who are compromising, stealing, changing or destroying information - potentially causing critical disruptions to Australian systems and businesses.

Given the increasing pace and complexity of the cyber threats, it is critical for governments and Australian businesses to be proactive in identifying and understanding associated risks to ensure the development of appropriate mitigation strategies and implementation of cyber security measures.

Cyber security is one of Australia's national security priorities under the Prime Minister's 2008 National Security Statement. The Australian Government defines cyber security as:

"Measures relating to the confidentiality, availability and integrity of information that is processed, stored and communicated by electronic or similar means".

Businesses must implement and continually review approaches to cyber security measures to protect the integrity of their own operations and the identity and privacy of its customers. Without effective cyber security measures in place, the potential impact to companies may include:

  • Intellectual property losses – including trademarked and patented material, commercially sensitive data and client lists, which could have a substantial financial impact.
  • Property losses – including information or stock, leading to delays or failure to deliver.
  • Penalties (legal and regulatory) – including fines for data privacy breaches, customer and contractual compensation for delays and breach of directors' duties for failure to govern the organisation properly.
  • Administrative burden – including allocating resources to address a successful cyber-attack, correcting the impact such as restoring client data and confidence, communications to authorities, replacing property and restoring business to its previous levels.
  • Time – lost due to investigating the losses, keeping stakeholders advised and supporting regulatory authorities (legal, financial and fiscal).
  • Reputational losses – causing a decline in market value, loss of goodwill and confidence by customers and suppliers.

The CSGC and the Cyber Security Strategy - what it means for businesses

The Attorney-General's Department's Cyber Security Strategy report (2009) articulates the aims and objectives of the Australian Government's cyber security policy. The aim of the Cyber Security Strategy is to "promote a secure, resilient and trusted electronic operating environment that supports Australia's national security and maximises the benefits of the digital economy".

As the scale, complexity and impact of cybercrime continue to grow with our dependence on technology and the digital world, businesses are being forced to shift their thinking to explore new and innovative ways to invest and operate technology. As mentioned, the CSGC is an integrated approach to fighting cybercrime that will seek to address the strategic vulnerabilities of an increasingly hostile online environment. However, confronting and managing these risks must be balanced against the civil liberties of Australians. These include the right to privacy and not hindering businesses with undue administrative and regulatory burden. Businesses need to be able to promote efficiency and innovation to ensure they can realise the full potential of the digital economy.

Until the strategy for the CSGC is released, it is difficult to foresee and identify the implications that may arise for businesses. However, when the time comes, the key for businesses would be to take advantage of the technological advancements and cyber security measures put forward by the CSGC. New developments in cyber security may spur more innovative business models, products and services and markets. It will also enhance the availability, integrity and confidentiality of Australia's information communication and technology.

You might also be interested in...

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this bulletin. Persons listed may not be admitted in all states and territories.