Business Council of Australia wants clarity on ransomware payments in cyber strategy

“Government or regulator responses should not revictimise organisations or individuals who are already trying to cope with a crime committed against them,” the submission said.

“Instead, government should set out a plan to construct bidirectional, timely information sharing.

“In an environment where business investment as a share of GDP is at 30-year lows and capital is leaving Australia on a scale not seen since World War II, Australia can’t afford to throw more sand in the wheels.”

Home Affairs and Cybersecurity Minister Clare O’Neil announced in April an industry consultation for development of a new national cybersecurity strategy to cover 2023-2030, naming former Telstra boss Andy Penn to lead a new expert panel.

Cybersecurity Co-operative Research Centre chief executive Rachael Falk and Air Marshal Mel Hupfeld are on a panel advising the government on the strategy.

The BCA says the government should focus on measures which can lift whole-of-economy cybersecurity standards, including for small and medium businesses which face chronic cyber skills shortages and growing risk.

The submission said any new programs should be properly assessed against a future generation of cyber problems and challenges.

Cyber threat exercises are planned with the banking and finance sectors, a strategy which the BCA said must not be used to identify new punitive measures where vulnerabilities or issues are found.

The submission says a strict prohibition of ransomware payments would not be helpful, with many businesses already having policies against paying in place.

“Whether to pay should be left to individual organisations to determine, in close collaboration with government,” the submission said.

“As it stands, businesses do not take these decisions lightly. These decisions involve senior management and board oversight, and involve a wide range of considerations, including operational resilience, reputation and business risk, and the advice of government partners.”

Senator O’Neil’s department expects improving cybersecurity to provide a “significant” boost to the domestic digital economy. The cyber market already contributes about $2.4 billion in gross value added activity, with 11 per cent growth recorded in the sector between 2020 and 2022.

The CSIRO estimates that Australia’s cybersecurity revenue could reach $6 billion a year in 2026.

The BCA said it did not support adding consumer data to critical infrastructure regimes, warning such a move risked exposing businesses to complex additional regulatory requirements.
