Snapshot
- Cyber security is a significant business and legal risk that must be taken seriously.
- Internationally, cyber security is becoming subject to stricter regulation.
- Australia’s cyber security laws are piecemeal.
Cyber attacks are increasing in ‘frequency and sophistication’ (Deloitte Cyber Regulation in Asia Pacific, August 2017). In May 2017, the WannaCry ransomware attack affected health records in more than 150 countries, including National Health Service (‘NHS’) records in the UK. In June 2017, the NotPetya ransomware had a global impact within hours. Some claim it is no longer a matter of ‘if’, but ‘when’ a data breach will occur (Marvin B Harper M.D. FAAP, quoted in AAP News ‘Children especially vulnerable to cyber security attacks in health care’ 20 July 2017). In 2016, 59 per cent of organisations in Australia detected a business interrupting security breach on at least a monthly basis, which is more than twice as often as in 2015 (Telstra Cyber Security Report 2017, page 2). Cyber security has always been a business risk but it is also a significant legal risk.
The Australian position
Australia’s response to the threat of cyber attack is set out in the Commonwealth Government’s Cyber Security Strategy. On a practical level, the Australian Cyber Security Centre brings together cyber security capabilities from across Australian Government and is co-located with the Australian Signals Directorate. Both organisations play an essential role in providing strategies to mitigate cyber security incidents. Australia does not however have the same level of cyber security regulation seen internationally. The European Union’s General Data Protection Regulation (‘GDPR’) was adopted by the European Parliament in April 2016 and the Directive on Security of Network and Information Systems (‘NIS Directive’) was adopted by the European Parliament in July 2016. China’s Cyber Security Law (‘the Cyber Security Law’) came into effect on 1 June 2017. Legal protections in Australia are piecemeal and scattered through various pieces of Commonwealth and State legislation.