The Law Council of Australia (LCA) has commended the actions the Australian government has taken in the first stage of its seven-year cyber security strategy and looks to provide further advice for its second, penultimate stage, while also arguing for subsidies for small businesses like law firms.
In its submission on Horizon 2 of the federal government’s 2023–2030 Australian Cyber Security Strategy – the second stage, which is running from 2026–28, the LCA stressed the need to ensure proportionality, consistency, and certainty within the regulatory landscape, whilst also recognising the “very real and potentially devastating impacts” of cyber security threats.
LCA president Juliana Warner said: “Given the significant harms caused by cyber attacks and data breaches on individuals and organisations, cyber security management should no longer be considered optional.”
“Horizon 2 will be defined by its interaction with new developments in artificial intelligence (AI) and quantum technologies, and by how it aligns any developments with productivity outcomes.”
The advocacy body said that this new stage is an opportunity to empower businesses and embed cyber security messaging across the entire economy, but especially for small to medium businesses (SMBs).
LCA focused on four key areas: firstly, it encourages awareness for SMBs and advises them on how they can achieve effective cyber security standards with their limited resources. Next, it aimed to show the benefits of a regulatory impact analysis to ensure the government takes adequate steps to adequately provide for SMBs in achieving cyber security targets.
Thirdly, it stressed the need for widespread cyber security awareness and messaging across all societies. Finally, it emphasised the need for the government to provide consistent and shared education across public entities to ensure this information is reaching those most vulnerable.
“It is … critical that organisations of all sizes implement robust cyber security measures, supported by relevant minimum standards and codes,” LCA said.
Warner noted: “Small businesses are increasingly under pressure to manage compliance and risks associated with cyber crime, privacy and data security, and other reporting obligations.”
“This is particularly the case for the legal profession, where the vast majority of legal practices in Australia are sole practitioners or small- to medium-sized businesses.”
LCA added: “It is, therefore, critical that organisations of all sizes implement robust cyber security measures, supported by relevant minimum standards and codes.”
“The Law Council looks forward to continuing to engage with the Australian government as it refines Australia’s regulatory, legislative, and policy settings to build national cyber security resilience and enhance cyber security across the economy.”
