In terms of cyber security years, Australia is still in the dark ages, a period typified by a lack of records, and diminished understanding and learning.
We're only a few months into practising mandatory data breach notification, while many parts of the world have been doing this for years. The United States has been disclosing breaches for more than a decade.
Countries where data breach notification is the norm are still maturing, and there is no upper limit for our understanding on managing cyber risk. But you can see that by the steps other parts of the world are taking that they do see security incidents very differently to Australia.
This month, at the annual gathering of the Society for Corporate Governance in the United States, Commissioner Robert Jackson Jr. from the Securities and Exchange Commission (SEC) said investors are not being given enough information about cyber security incidents to make informed decisions.