Boards and managers will soon be held responsible for protecting their organisations, shareholders, and customers from cyber risks as cyber attackers continue to take advantage of the work-from-home environment – potentially increasing directors and officers (D&O) liability insurance premiums.
Paragraph 36 of Australia's Cyber Security Strategy 2020, released by Home Affairs Minister Peter Dutton last year, stated that the government will consult with businesses to consider reform options, including “the role of privacy, consumer, and data protection laws; duties for company directors and other business entities; and obligations on manufacturers of internet-connected devices.”
According to a report in the Australian Financial Review, cybersecurity consultants and risk experts said the Treasury, charged with leading the cyber consultation, will implement rules similar to the Australian Prudential Regulation Authority's (APRA) Standard CPS 234.
CPS 234 makes boards, senior management, governing bodies, and individuals directly responsible for implementing controls to protect information assets, and for undertaking systematic testing and assurance of the effectiveness of those information security controls.
The new regulation leaves directors and officers at risk of legal action resulting from cybercrimes. As a result, D&O insurance, designed to cover claims against directors and officers in breach of their duty and other management failures, could become more expensive.