Medibank

The corporate regulator will question company directors if criminals hack their businesses and they had failed to prioritise cybersecurity.

[There has been a surge in the number of data breaches that have garnered public attention since last year](https://www.afr.com/technology/millions-caught-in-data-breaches-before-optus-or-medibank-20221109-p5bwsc). She acknowledged that while ‘[i]t is not possible to reduce cybersecurity risk to zero … Connect with John on [[email protected]](mailto:[email protected]) “I think at this stage the major priority has to be to encourage boards and to remind them of the obligations in this area,” he said. “That will vary with the size of the business, the nature of the business, what advice they’re getting about the systems they should have in place,” he said. Mr Longo said boards of directors generally understood cyber was a risk, but the challenge was determining what was an appropriate level of investment to minimise the risk of an intrusion.