In August on the eve of the Jobs Summit and at the time marking his first 100 days in office, Anthony Albanese delivered a keynote address to hundreds of top executives declaring the business community was “central to our journey to a better future”.

The Prime Minister told the Business Council’s annual dinner he wanted genuine engagement and a substantial partnership between business and government. A strong business sector was vital for growing the economy, boosting productivity and improving living standards, he said.

Now approaching 200 days in office, there is growing anxiety among some business leaders about the relationship hitting a rough patch. While Albanese has been true to his word about offering business a seat at the table, there is a feeling among chief ­executives they are not being listened to.

A proposal to put price caps on gas prices is the latest warning bell that makes big business uncomfortable about aggressive intervention. Even those not in the energy sector fear their industry could be the next one targeted. It also comes amid a backdrop of fear around a new super-profit tax on miners or the prospect of a reboot of the major banking levy as rising interest rates boost profits.

There is deep and broad concern around multi-sector enterprise bargaining as another form of intervention when none was needed. The only case made to make changes to the wages system had been for low-paid workers in mostly government-funded industries such as aged care, but the entire economy was targeted in the solution.

Wages are rising under the existing system, but it seems in some sectors not fast enough. National Australia Bank workers this week rejected a pay rise of up to 5 per cent, with the higher rate going to lower-paid staff.

The bank late on Thursday night showed it was acting in good faith, committing to pay the higher wage increases that were on the table even though it is not required under the existing 2016 enterprise agreement.

NAB chief executive Ross McEwan said the bank would continue to listen to colleagues and work with the Finance Sector Union to progress a new enterprise agreement.

Woodside meanwhile, is planning to spend more money to squeeze additional gas from the fast-declining Bass Strait fields off Victoria. At the same time, it is considering funding an LNG import terminal. Both measures are designed to ease the supply squeeze on the east coast.

But Woodside chief executive Meg O’Neill was blunt: the proposed gas price caps would mean the energy company would spend money on other projects that ­offered a higher return. Quite simply, price caps would undermine any market solution to getting more gas pumped into the domestic market.

“It might feel good for a short period but the outcome will be underinvestment in supply,” she told an investor briefing on Thursday.

The next big test for business is set to come around Labor’s planned Same Jobs, Same Pay legislation, which is being slated for parliament’s return early next year. This bill would seek to align pay rates in jobs that are outsourced with those that are done in-house. This would effectively reinforce the multi-sector bargaining rules set to vastly expand the scope for sector-wide enterprise deals.

Businesses are ending the year on a note of caution, with risks clearly building in the economy. They feel the need to be fully aligned with Canberra to help steer through the coming rough patch from inflation, growth and rising unemployment.

Many companies also have ambitious agendas in line with the Albanese government’s centrepiece green energy transition. But this will require massive investment and goodwill to hit ambitious targets. This is why executives are urging Albanese and his team to put their focus back on the bigger picture and not start small battles.

–

Medibank strategy

It’s a war of attrition between Medibank chief executive David Koczkar and the Russian cyber hackers who are playing havoc with his customers.

Koczkar, with the backing of his board and investors, is fully determined not to pay the hackers a ransom. He refuses to budge on this.

His strategy revolves around the crooks being in the business of making money, which means if they don’t get any cash at some point they will have to write off their investment in Medibank and move on. This is what the hackers have themselves suggested in the latest overnight data dump.

For the hackers, the value of the massive volume of personal data on millions of customers remains in the ability to cause reputational and financial pain for Medibank.

So far Medibank has been able to absorb that pain, although it has not been easy. The longer it goes on, the less leverage the hackers have. Which means they will eventually try their luck with the next unfortunate corporate target.

It is understood the stolen Medibank data is not available in a single universal file, it has to be reconstructed essentially from multiple sets of data, which takes the hackers an enormous amount of effort to stitch together. This complexity further diminishes the value of the stolen goods.

Overnight the group that calls itself REvil claimed to have dumped the entire data cache of the stolen Medibank data on the dark web. But the data released involves raw information, is not complete and has not been joined with customer names.

Medibank is betting the house that its response in dealing with the attack and refusal to pay the crooks will go some way in helping to rebuild its reputation over the long term. It has offered financial support to its most vulnerable customers, counselling and identity monitoring services and has kept communications open – even before it know all the answers.

Hacker standoff

In early October Koczkar was contacted personally through social media platform WhatsApp with demands from the hackers to pay up to $15m in ransom. The insurer turned to a specialist US cyber security firm as an intermediary to deal with the hackers including the firm message there was to be no payment coming. Since then there has been no more communication between Medibank and the hackers.

Data had so far been dribbled out with the previous peak point coming just ahead of Medibank’s annual meeting on November 16, as the hackers hoped investors and customers would raise pressure on the insurer to fold.

Once information such as codes associated with diagnosis and medical procedures is released – while painful for those impacted – it has little direct financial value for crooks unless they were seeking to pursue individual extortion efforts – a process that involves high effort for the prospect of marginal reward for a sophisticated hack.

As well the Australian Federal Police and state and territory police taskforce Operation Guardian will monitor online forums and will go after anyone looking to use the Medibank data on the secondary market. The same taskforce, which includes intelligence agencies, banks and the Australian Cyber Security Centre was also used to the Optus data hack, making it of little value to be used to exploit or ransom individuals.

Still, the pressure remains sky high on Medibank. An independent Deloitte report into what went wrong is expected to be finalised early next year. This is narrowing on how the hackers got access to a super user account which few people in the organisation have access to. It will also look at what secondary lines of defence were in place.

Prior to the attack Medibank was fending off tens of millions of attacks a month against its systems.

Medibank will also be subject to a separate investigation by the national privacy regulator the Office of the Australian Information Commissioner on whether the insurer took reasonable steps to protect the data. Any failures could see Federal Court action and substantial fines.

That followed a complaint lodged by plaintiff law firm Maurice Blackburn Lawyers which it says the OAIC has the power to order compensation to be paid to affected customers.

Elsewhere financial regulator APRA said it has intensified its supervision of Medibank Private as it also waits for the release of the Deloitte report.

The insurer has so far said additional costs relating to the hack and fallout are likely to be up to $35m in the first half.

Medibank won’t be the end of big cyber corporate attacks with global gangs now becoming aware Australia represents a new wealthy market to play their trade. Several Australian companies have paid to have their data returned in recent years and this has flown below the radar. It is understood that not all got everything back.

In this case Medibank is taking a stand over the hack but the question is whether it can bring its customers along with it.

johnstone@theaustralian.com.au

Eric JohnstonAssociate Editor

Eric Johnston is an associate editor of The Australian. He has more than 25 years experience as a finance journalist, including a former business editor of The Australian. He has been business editor of The Sydney Morning Herald and The Age and financial services editor with The Australian Financial Review. His work has also appeared in The Wall Street Journal.

@ejohnno