Optus cyber attack a wakeup call for data guardians, experts say
Share
Cybersecurity experts are saying Australia’s regulations on data management and privacy laws need to be strengthened in order to hold public agencies and businesses more accountable in wake of the Optus cyber attack.
CDU’s College of Engineering, IT and Environment Associate Professor Mamoun Alazab said the recent privacy breach of Optus highlighted the deficiencies in reporting and accountability of cyber-attacks.
Related: ‘Urgent’ data privacy law reforms in wake of Optus data breach
According to Associate Professor Alazab, the Notifiable Data Breach (NDB) scheme was not adequate in helping protect individuals who had their personal data stolen in the Optus cyber attack.
“The burden of proof of harm is on the individual who had their data stolen. The laws need to be strengthened to make businesses more responsible and accountable,” he said.
“It was only a matter of time before we experienced an attack of this size, and it exposed the problems with responsibility and accountability in the cybersecurity space. Only victims of a data breach are responsible for dealing with the consequences.”
Cybersecurity experts at CDU had been warning the public about the lack of transparency for years.
CDU Lecturer in Law Dr Jenny Ng, from the Asia Pacific College of Business and Law, said the NDB scheme, which was introduced in 2018, made it mandatory for a regulated entity to inform the Office of the Australian Information Commissioner and the affected individuals of a serious data breach.
“However, it remains difficult for the victims of data breaches to establish a successful cause of action in court mainly due to the lack of a specific cause of action under Australian law that would allow a person to bring an action for a breach of privacy,” Dr Ng said.
Associate Professor Alazab, Dr Ng and Dr Seung Hun Hong from the Korea Institute of Public Administration published a paper, in the Future Generation Computer Systems journal, last year on the regulatory deficiencies of the reporting process on cyber-attacks.
Associate Professor Alazab said there have been numerous cases in corporate Australia of poor data management and breaches reported under the NDB scheme.
“Cyber threats are increasing at a rapid rate, and they are becoming more sophisticated, so without comprehensive monitoring and policing it is making people extremely vulnerable,” he said.
“This will not be the last time that Australia’s corporate world will have to face such a large data breach, and it will be judged by its response to it.”
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber attack cybersecurity cyber security data data breach data management defence Digital employment enhance enhances fraud funding governance government grants Healthcare infrastructure Innovation Lockdown management new zealand NSW NZ online privacy public Public Sector queensland renewable energy scams security Social Media Technology telecommunications victoria
Last Viewed