Aus Govts Need Unified Cybersecurity Standards: Report
A new report has urged government to prioritise cybersecurity as a mandatory procurement requirement, and to create an industry-wide standard.
Commissioned by the Australian Strategic Policy Institute, the Working smarter, not harder report warned that, despite being the nation’s largest spenders on information and communications technology (ICT), Australian governments are not leveraging their market power to improve cybersecurity.
The federal government alone spends more than $10 billion on ICT procurement per year; however, its cybersecurity strategy has been allocated an average of just $65 million over the past four years, the report found.
“Government can harness its spending power to not only improve its own cybersecurity, but to drive better cybersecurity throughout the wider economy. However, current approaches are fragmented and having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach,” it said.
The report recommended federal, state, and territory governments work together to create a single, unified and coherent set of security standards expected of ICT suppliers.
“The standards need to be more than just a tick-the-box exercise to set a minimum standard—they should provide multiple levels through which suppliers can seek to progress by continuous improvement,” it said.