2024 to be ‘year of the cyber professional’
Specialists say business leaders will need to prepare for more scrutiny, enforcement action and lawsuits related to digital security than ever before.
Business leaders will face heightened pressure this year to manage cyber security threats as regulations and lawsuits come to the fore, specialists predict.
Cyber partners Brendan Read and Tony Vizza from insolvency firm KordaMentha said leaders would be expected to prevent cyber attacks and investigate when they happened or face punitive action from regulators and stakeholders through the courts.
Next year would “be the year of the cyber professional as the pressure on business leadership for compliance and better handling of breaches increases”.
They said a consultation was underway to close regulatory gaps identified by the government’s landmark cyber strategy last year, including mandating ransomware reporting and anti-scam obligations for businesses.
Proposed reforms to the Privacy Act last year that increased penalties and government enforcement powers would also take effect by the end of 2024, Mr Read and Mr Vizza said.
These regulations would result in increased pressure on company boards and greater recruitment of people with cyber knowledge to boards, they predicted.
Directors who failed to act with reasonable care and diligence on cyber security could also be punished by ASIC for breaching their governance duties.
Increased regulation would also open the door for victims of cyber attacks to take action against businesses, they said.
For example, the overhaul of the Privacy Act would allow individuals to take direct action in the courts if their privacy was breached.
“As part of this heightened regulatory activity, we are likely to see the first judgement from litigation brought by regulators as well as an increase in class actions from those impacted by the consequences of cyber breaches,” they said.
Likely plaintiffs would be shareholders whose investments lost value due to “perceived negligence on the part of management of a listed entity” or customers of large organisations whose personal details were stolen.
“The cumulative effect of these actions is to create an environment in which cybersecurity preparedness is mandatory, not just desirable, with actions taken by business leadership held to scrutiny both legally and morally,” they said.
To bolster cyber preparedness, Mr Read and Mr Vizza recommended finding cyber lawyers, expert investigators and crisis communication professionals in advance.
“There isn’t time to scramble for recommendations after the fact. Because year on year, we are seeing that when it comes to cyber breaches, it’s a matter not of if, but when,” they said.
About the author
