The new principles have been developed by the Australian Institute of Company Directors and the Cyber Security Cooperative Research Centre in consultation with government and industry experts.

Cyber Security Minister Clare O’Neil commended the new rules to all organisations and said building up the nation’s cyber defences would require a “huge collective effort across government and industry.” She pushed company directors to “lift their own cyber literacy levels”.

“As Australians entrust their most sensitive data to organisations, there is a legitimate expectation that it will be protected,” Ms O’Neil said. “It is the responsibility of all organisations across Australia to make stronger cyber security practices a priority and make the necessary investments where needed.”

The principles call for cyber risk and strategy to be included on board agendas and the establishment of clear lines of management responsibility for cyber resilience. A strategy should be developed based on an understanding of the key digital assets of a company, who has access to them and how they should be protected.

The report says cyber risks should be reflected in the existing risk management frameworks of organisations and in the key performance indicators of leaders. Directors should also prepare and plan for cyber incidents, including through the running of exercises.

More related stories

Nation

PM’s warning for insurance firms as storms, worst rain ‘in decades’ raise flood risk, ‘trap’ Dutton

Anthony Albanese has pledged to 'hold insurance companies to account' and Peter Dutton says he's trapped at home by rising waters with 'very dangerous' thunderstorms set to add to rainfall totals of above 450mm for the weekend.

Read more

Politics

Coalition cries foul over Climate 200 ‘push polls’

Coalition frontbenchers Dan Tehan and Julian Leeser have ­attacked Climate 200 over ‘push polling’ they say favours its hand-picked candidates.

Read more