Australia’s cyber security strategy must not put small businesses into unwinnable situations, the Insurance Council of Australia (ICA) says, claiming good-faith efforts to boost an SME’s digital defences could cut against unfair contract legislation.
The Australian Cyber Security Strategy Discussion Paper, launched late last year by Minister for Cyber Security Clare O’Neil, is seeking feedback from businesses and stakeholders on how to future-proof the economy, the government, and critical infrastructure against mounting cyber threats.
While data breaches at major companies like Optus and Medibank have dominated recent headlines, the paper notes that small businesses are particularly vulnerable to cyber incursions.
“Despite widespread awareness of the potential risks posed by cybercrime, there is no consistent understanding of the practical steps that consumers, small and medium-sized enterprises (SMEs), and other organisations must take to enhance their cyber security,” it says.
“There is an opportunity through the Strategy to invest further in community awareness and skills building for cyber security, including for SMEs.”
Small business advocates, including the Council of Small Business Organisations of Australia, say the strategy should include investment and education to bolster small business defences.
In its submission to the paper, released Friday, the ICA said it “would support the implementation of minimum standards or similar across the broader economy as well as support for small businesses in meeting these.”
It also took a slightly divergent approach, suggesting the strategy ought to consider how new cybersecurity standards may interfere with other regulations.
The peak body suggested the incoming strategy could overlap with an unfair contracts regime, which bars big businesses from placing onerous requirements on their small business suppliers.
The security provider for a major corporation may reasonably ask it to ensure its partners, including small businesses, adhere to the same cybersecurity standards.
But if that means subscribing to costly cybersecurity services or investing in major digital infrastructure, the larger business could feasibly contravene unfair contract rules, the ICA states.
The government should ensure any incoming cyber strategy will “harmonise” with existing rules, the organisation continues.
“Australia’s national cyber resilience is only as strong as its weakest link and ensuring the business community, from sole traders to our largest companies, understand and can meet obligations that are proportional to their systemic risk will strengthen the entire ecosystem,” the ICA states.