Australian businesses currently face a cyber security triple threat that has nothing to do with warding off hackers.
Rather there are three new regulatory forces impacting specific points of the cyber security posture of the Australian economy, where relevant businesses will face all kinds of trouble if they fail to keep up to speed.
These external obligations are the Notifiable Data Breach (NDB) scheme, the Security of Critical Infrastructure Bill, and APRA's draft of Prudential Standard CPS 234.
There are lessons to be learned from all three of these external obligations. At a simplified level, the NDB scheme addresses the security of people's data; the Security of Critical Infrastructure Bill addresses the technology that supports our lives, and CPS 234 addresses the processes and governance that protect our wealth.