Cyber Security: why are we not safer?
A public lecture by Professor David Watts, Professor of Information Law and Policy, La Trobe University and 2019 Institute of Advanced Studies Visiting Fellow.
Not long ago we were shocked when we discovered that our personal information had been hacked, stolen and misused. Now it has become a commonplace, routine event, hardly worth much of a conversation around the office coffee machine.
The cost of cyber security breaches to the Australian economy is estimated by the Australian Criminal Intelligence Commission to be $1billion each year. But this estimate only covers direct costs. When both direct and indirect costs, including damage to individuals’ identity (identity theft) and reputation, the impact on the emotional and psychological well-being of those affected, loss of business and employment opportunities and the economic damage that accrues from the loss of intellectual property and other confidential information, the ACIC’s estimate rises to 1% of GDP. This is about $17 billion annually. Australian expenditure on cyber security prevention and threat mitigation is estimated to reach about $4billion in the 2019 calendar year, producing a total cyber cost of around $21billion.
In comparison, the total cost of the National Disability Insurance Scheme is estimated to be about $23 billion over the 2019/20 financial year. The cost of providing Medicare services across the 2018/19 financial year was about $24 billion. The total Australian defence budget for 2019/20 sits at 1.93% of GDP – almost $39billion.
It is difficult to imagine any sector of the Australian economy where the costs to the community are so high and where so much money has been spent on prevention and remediation, apparently without much effect. Why are we not safer? This lecture explores the answers to this question.
Professor Watts argues that the root causes of our cyber failures are attributable to a series of perverse incentives that undermine our ability and willingness to address cyber security issues. He argues that accountability mechanisms do exist and are ‘hiding in plain sight’ but have simply not been pursued through mechanisms such as public interest class actions. He proposes a recalibration of our policy responses to cyber security as a way to answer the question posed at the outset: why are we not safer?
Professor David Watts is one of Australia’s leading data protection experts. An experienced regulator, leader, policy maker, consultant and public and private sector lawyer, he has taken on and solved some of Australia’s most complex privacy and data protection challenges.
As Victorian Commissioner for Privacy and Data Protection, David led the development of Victoria’s protective data security policy framework and protective data security standards. For almost a decade he was the independent statutory regulator over security in Victoria Police.
David is currently Professor of Information Law and Policy at La Trobe University’s law school and is a 2019 UWA Institute of Advanced Studies Visiting Fellow.