The submission noted that a large number of entities across an expanded list of industries will be subject to the extensive existing and proposed obligations under the Act, including Government intervention and directions powers. In the context of this expansion, and the importance of protecting Australia’s key assets and infrastructure, the AICD encouraged the Government to provide extensive guidance and support to entities to meet the objectives of the reforms.

The key points the AICD made in relation to the Bill were:

  • Support for the principles-based drafting of the Risk Management Program obligations and the flexibility provided to entities to utilise existing risk management requirements to meet the obligations. We recommended extensive guidance and support for entities and directors in understanding the requirements and understanding better practice expectations.
  • Support for the proposed expanded statutory immunity provisions.
  • Recommended further work across government to find opportunities to align and/or harmonise existing and proposed cyber security reporting obligations.

You can read a copy of the submission here.