The Turnbull government has assured the nation it will hammer down on the heads of agency chiefs after a recent report found government departments to be the "weakest links" in Australia’s cyber-security national defences.
The Australian National University’s National Security College (NSC) and Macquarie Telecom Group surveyed 22 government agencies and 36 medium-sized businesses to discover “widespread frailties” in cyber-security at the executive layers within the public and private sector.
The report found executive knowledge of cyber risks such as malware, hacking, or data breaches, to be “inadequate”, with 40 per cent citing that there was poor knowledge at board level of risks like malware, data breaches and hacking.
Results also showed the private sector to be reluctant in its engagement with government cyber-security initiatives. Only 29 per cent of respondents would seek to report an attack if they lost client data and just 21 per cent cited their legal obligation as a reason to report an attack, the report found.
There is also rare consideration of cyber-risks within the public sector, with no agency heads reporting or reviewing cyber-risk management monthly or weekly, the report found.
In launching the report, Federal Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, said the government would press department heads to urge them to strengthen their cyber-security awareness and management.
"What I will be doing is writing to all cabinet ministers asking them to point out to their departmental heads and agency heads the need for them to take cyber security very seriously," he told the ABC.
"[I will also urge] the need for them to make sure that there is reporting occurring at senior levels of the executive, and that there is someone responsible at the senior level of the executive for cyber security," he said.
Currently, cyber-crime is the second most-reported economic crime, affecting 32 per cent of organisations, at a cost to the Australian economy, estimated to be as high as $17 billion annually.
The report comes as Tehan reiterates the government's drive to working with the private sector in the aim of improving the country's cyber-security capabilities.
At the opening of Optus Business's new security operations centre on 2 November, Tehan said that continued investment from both the public and the private spheres is essential for the Prime Minister's cyber security strategy.
“The Australian Government recognises that cyber security is not a job that government can do alone," he said.