29 April 2024
1300 794 893

ASIC to punish slack boards and directors with no cyber-attack protection

Peter Switzer
18 September 2023

The cyber-attacks on Optus and Medibank last year have brought out a ‘mad as hell’ ASIC (the corporate regulator), which is threatening to punish company boards and their directors if they fail to protect their customers with appropriate shields from online scam merchants and thieves.

The Office of the Australian Information Commissioner reported that there were 409 data breaches between January and June, and the Australian Bureau of Statistics has said at least one in five businesses were breached by hackers last year!

ASIC’s chair and the Federal Government’s Home Affairs Minister Clare O’Neil will outline their expectations of company boards at the AFR’s Cyber Summit today.

The Minister will outline six planks in her Cybersecurity Strategy platform to ensure companies don’t get attacked by cyber criminals, with a high priority to be given to the plank that forbids companies selling anything to consumers that is cyber insecure.

This means companies that leave the window open for hackers to steal personal data will cop it from ASIC. It should also be a bonus for companies that specialise in cyber security and insurance.

The regulator will want to know that companies have a demonstrable risk management plan, and all this will mean extra costs for their bottom lines.

The AFR says “…the [Government’s] strategy will focus on ensuring individuals and small businesses are well-educated on the basics of cybersecurity; facilitating partnerships between key actors, including government, telcos and banks; and hardening essential infrastructure such as water, energy and healthcare systems. Other areas include improving sovereign capability by fostering local enterprise and skills; and working closely with other governments around the world who are facing common adversaries.”

At this stage it’s not known what kind of penalties are coming, but soon they’ll be made public. Judging from the ASIC website, there will be “significant penalties”.

The big question is whether small businesses will be expected to be as cyber-secure as bigger businesses. The cost of getting assessed to be cyber-secure isn’t cheap and suggests every business will have to have cyber insurance.

Also, every business will have to make sure that other businesses they deal with are also cyber secure. This is great news for consumers, cyber protection businesses and cyber insurance companies!

© 2006-2021 Switzer. All Rights Reserved. Australian Financial Services Licence Number 286531. 