NEW SECURITY BILL PLACES MORE RESPONSIBILITY ON BOARD MEMBERS

There’s no doubt that organisations around the world are under the increasing threat of cyber-attack. The Australian Government has responded to this by placing more responsibility for cyber security on executives and board members.

Following the enactment of phase one of the Australian Government’s Security Legislation Amendment (Critical Infrastructure Bill) 2020 in November, cyber security is no longer the sole responsibility of technology teams – it’s now a significant component of organisational risk management.

This means senior leaders and boards need to be cognisant of the risks and consequences of a cyber-attack, develop the skills necessary to recognise and react to a cyber-attack, and prioritise funding and resourcing as appropriate.

The Bill enacts the following urgent reforms, which had been identified by the Parliamentary Joint Committee on Intelligence and Security (PJCIS):

  • The critical framework coverage of the Act has been expanded from four traditional sectors (electricity, gas, water and ports) to 11, encompassing communications, data storage and processing, financial services and markets, water and sewerage, energy, health care and medical, higher education and research, food and grocery, transport, space technology and defence sectors.
  • Written notification of certain cyber security incidents is mandatory and must be provided within 84 hours.
  • The government has established last-resort emergency assistance powers to respond to serious cyber security incidents. For example, the Secretary of the Department of Home Affairs can be authorised to issue an information-gathering direction, an action direction or to authorise the Australian Signals Directorate to intervene when a cyber security incident has occurred, is occurring, or is likely to occur.

While Bill Two will be introduced and enacted more slowly, it is anticipated that following industry consultation, this bill will include obligations to implement and maintain risk management programs concerning critical infrastructure, and the ability to declare Systems of National Significance (with accompanying enhanced cyber security obligations).

While reforms could impose a significant regulatory burden on your business, compliance is essential to avoid financial penalties.

Need Support for Your Administration?

There’s no doubt that managing cyber security is a significant responsibility, especially as the risks of attack continue to increase. At the Ayers Group, we have secure online tools, including a customised payroll management platform, management solutions for contingent workers, and visa services to help you get on top of day-to-day administration so you can turn your attention to bolstering your cyber security.

Contact an expert from the Ayers Group today.