Company directors are playing “whack-a-mole” on cybersecurity, according to top lawyers, as a rush to adapt to rapidly changing regulations makes it harder for boards to respond to data breaches and new threats.becoming the latest high-profile corporate hacking target after last year’s breaches at telecoms giant Optus and health insurer Medibank, Corrs Chambers Westgarth technology head James North said breach reporting was “incredibly difficult” and urged it be streamlined.
Optus, for instance, is the subject of four different reviews into its breach. Home Affairs, the Office of the Australian Information Commissioner and the Australian Communications and Media Authority are doing external investigations, and to more sectors. Under the SOCI Act, ASD can already commandeer the systems of critical infrastructure such as power stations or energy grids.“In most cases, when you get a cyber breach, it happened six months ago, but you have only just become aware. When you investigate, the data’s already gone, so there is nothing ASD can do to help you in that situation,” he said.