Mandatory reporting: a step in the right direction but more needed
Security experts have welcomed the revelation that the federal government is considering implementing a mandatory reporting policy for businesses that have experienced a cyber attack or been extorted by cybercriminals.
During a recent Senate estimates hearing, Home Affairs Secretary Mike Pezzulo said a mandatory reporting scheme is being considered and is “likely” to be introduced at some point.
KnowBe4 APAC Security Awareness Advocate Jacqueline Jayne said such a policy would be a move in the right direction.
“We need more visibility and transparency to encourage more conversations about the actual impact and ferocity of cyber attacks or near misses,” she said.
“[Mandatory reporting] would lead to more conversations and more understanding, with an opportunity to educate and bring awareness of cybersecurity incidents to the mainstream. Reporting can be used as a tool to share and to learn from these incidents.”
She added that mandatory reporting can encourage collaboration and sharing of data within the cyber community.
But DDLS CEO Jon Lang said while mandatory reporting would be a good first step, it is only one piece of the puzzle.
“Without a much stronger focus towards cybersecurity training at an executive and board level, we will simply see more organisations suffer reputational and financial loss,” he said.
“We need to place a much stronger focus on transforming underskilled organisations into cyber-ready organisations, to stop ransomware attacks before they occur or at least reduce their damage. We need to take a preventative approach through education, not a reactive approach following a breach.”
Research into the attack surfaces of 1500 major companies found that the average corporate...
A survey has revealed that the emergence of remote work has shifted CISO priorities from...
Industry experts have urged organisations to boost their cyber resilience policies, after an...