Ai Group expresses support for proposed Cyber Security Act

Act 'walks tightrope between protecting our industries and implementing effective, workable regulation,' group says

Ai Group expresses support for proposed Cyber Security Act

The Australian Industry Group (Ai Group) has voiced strong support for key elements of the proposed Cyber Security Act 2024.

The proposed Act, which was unveiled this week, is part of the Australian government's commitment to enhance the security and resilience of the country's cyber environment and critical infrastructure.

Among the key measures that will be implemented in the Act include:

  • Mandating minimum cyber security standards for smart devices
  • Introducing mandatory ransomware reporting for certain businesses to report ransom payments
  • Introducing a "limited use" obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD)
  • Establishing a Cyber Incident Review Board (CIRB)

Innes Willox, Chief Executive of Ai Group, said the proposed Act "walks a tightrope between protecting our industries and implementing effective and workable regulation for business."

"As Ai Group recommended to the government, we are pleased to see lower-risk SMEs exempted from ransomware reporting obligations. Small businesses do not pose significant systemic cyber risks, and so shouldn't be burdened by onerous and disproportionate compliance obligations," Willox said in a statement.

Ai Group welcomes cybersecurity Act

The chief executive also welcomed the alignment of new national standards for consumer-grade connectable products, also known as Internet of Things (IoT) devices, with international standards.

"This will ensure Australia is interoperable with approaches used in our trade partners, can contribute to international standards making, and reduces the regulatory burden on our businesses," he said.

The Ai Group also expressed its support for the limited use obligation concerning information provided to the ASD and the National Cyber Security Coordinator.

"The expansion of assistance the government can offer a business, who has volunteered information during an incident, must be genuine support a business welcomes in responding to, mitigating and resolving a cyber security incident."

It further welcomed the establishment of the CIRB, while stressing that it is "imperative that the board has a range and depth of expertise, particularly from industry."

Willox noted that while industry is already investing heavily in cyber security as part of their technological advancements, workforce capabilities remain a concern.

"We urge the government to continue to work collaboratively with industry and invest to grow our workforce knowledge and skills to increase our cyber capabilities," he said.