A review of data governance regulation, practices and cyber security strategies for businesses : an Australian perspective

Cyber risks such as cybersecurity breaches, cybercrimes and cyber terrorism are hot topics around the world. Cyber adversaries are regularly targeting government networks and businesses. The problem is not only an IT issue but a significant governance issue. Good data governance practices and cyber-security infrastructure frameworks assist in managing some of the cyber risks and threats without the need for regulatory requirements on corporations and government agencies. However, the maturity of cybersecurity practices varies across government institutions and businesses organisation with many such entities facing significant exposure to cybersecurity risks. There are also inconsistencies in the application of data governance laws, and strategies and regulators are facing significant challenges in regulating and monitoring cybersecurity. As the scope is broad, this paper will only examine Australia's cybersecurity laws and regulation, and if Australian businesses need to rethink their data governance practices and cyber-security strategies. This paper will first map the cyber threat environment in general; examine Australia's current cybersecurity framework and strategies for data governance, and then examine if the Australian framework for cybersecurity meets similar provisions and strategies set under the European Union's General Data Protection Regulation. It concludes with some recommendations for incident response strategies for businesses to implement in order to mitigate and defend against cyber risks.