Cybersecurity submission challenges proposed director liability

The IoD supports a stronger cyber regime for critical infrastructure, but says the current proposal goes too far on director liability.

Author: Institute of Directors (IoD)
Date: 2 Apr 2026

DPMC has proposed a broader cyber security regime for critical infrastructure. The package includes better visibility of who owns and controls critical infrastructure, protected information-sharing on cyber threats and vulnerabilities, mandatory reporting of serious cyber incidents, minimum cyber risk management requirements for critical infrastructure entities, and reserve ministerial direction powers in limited national security circumstances.

The IoD’s submission supports the case for a stronger baseline for managing cyber risk. It supports minimum requirements, serious incident reporting and better information-sharing. Its main concern is with the proposed liability model. The submission says the primary duty should sit with the entity, not individual directors, and that personal criminal liability is not justified in a regime that remains broad, evaluative and still dependent on matters outside directors’ direct control. It also warns against settings that could, in practice, penalise entities and directors when they are themselves the target of cyber offending.

The submission calls instead for a workable, proportionate entity-level regime, with clear implementation settings and staged enforcement.
