The BGA Australia Team, led by Managing Director Michael “Mick” McNeill, wrote an update to clients on the business implications of Australia’s new cybersecurity strategy.


  • The Australian government on February 27 released a discussion paper to inform the development of its 2023-2030 Cyber Security Strategy. Submissions commenting on the draft close April 15, and the strategy will be published by the end of the year.
  • The discussion paper focuses on three core policy themes to strengthen cybersecurity in the private sector:crafting reasonable expectations on industry practices through regulation and their impact on Australians; strengthening Australia’s international strategy on setting standards in cybersecurity; and bolstering government systems by developing capabilities, acquiring correct technologies and embracing best practices.


  • The paper suggests future regulatory reform could include a new Cyber Security Act, which would aim to harmonize Australia’s patchwork of policies, laws and frameworks within the cyber domain. The proposed Cyber Security Act would synchronize cyber-specific legislative obligations and standards across industry and the government.
  • The government aims to become a global thought leader and shape thinking about new and emerging technologies that are built-in with safety and security. The consultation paper is clear that the government wants to play a leading role in the development of international norms and standards on responsible state behavior in the cyber domain.


  • Companies will have opportunities to press for the removal of unnecessary regulations, create an environment that attracts investment in cybersecurity and other critical technologies and shape the cybersecurity relationship between the government and industry for the next decade. Nevertheless, the strategy will lead to greater obligations for companies in a likely new Cyber Security Act.
  • Companies should be aware that the discussion paper suggests amending the Security of Critical Infrastructure Act to include customer data and “systems,” as protecting customer data will be a key focus of the strategy.

BGA will continue to keep you updated on developments in Australia as they occur. If you have any questions or comments, please contact BGA Australia Managing Director Michael “Mick” McNeill at