The Insurance Council of Australia (ICA) is calling for an expansion of business cybersecurity obligations as AI-driven automated cyber attacks and other emerging risks threaten the cyber resilience of Australian businesses.
In its submission to the Department of Home Affairs' Horizon 2 of Australia's 2023-2030 Australian Cyber Security Strategy, the ICA identifies AI, quantum computing, and consumer-managed personal data stores as key weaknesses that could threaten Australia's cyber security future.
Small and medium businesses (SMBs) have a unique cyber security vulnerability, with technologies like automated malware making them susceptible to larger AI-driven campaigns, unlike targeted attacks traditionally facing larger businesses.
The submission calls for coordinated government and industry action to strengthen the nation's digital defences, including:
- Technology Provider Accountability: Greater obligations on developers of off-the-shelf technology commonly used by SMBs - a government endorsed framework could reduce the direct cyber burden on smaller entities.
- Workforce Development: Establish cross-sector placement programs to rotate cyber security professionals from government and large entities through SMBs, providing critical experience while embedding sustainable cyber practices
- Enhanced Ransomware Protection: Expand ransomware reporting obligations to include a broader range of entities
A national approach to cyber security should recognise that some sectors or businesses will have a greater capacity to resource and invest in the solutions, and this must be shared with those who have less capacity, such as SMBs.
Insurers, alongside government and other large organisations, can play a key role in lifting SMB cyber resilience by leveraging touchpoints - such as insurance policy renewals - to deliver consistent government cyber security messaging.
The ICA supports the Government's ongoing digitisation efforts and continues to work with the government to enhance Australia's national cyber resilience.
The submission is available on the ICA's
Quotes attributable to ICA CEO Andrew Hall:
"While large businesses generally understand cyber risks well, our challenge now is improving cyber hygiene among individual Australians and small businesses.
"SMBs are not as well-resourced as their large counterparts, with managers having to operate across all aspects of business, allowing limited time for cyber security.
"Improving cyber literacy will help SMB decision-makers balance insurance costs with preventive measures, which can positively influence their insurance premiums."
