Cyber security: the new challenge for company directors

1 Jun 2018

ASX data shows that 80 percent of companies expect an increase in cyber risk over the next year, but who is responsible when cybercrimes occur?

This is a question that The University of Queensland’s Dr Thea Voogt is working to answer.

The TC Beirne School of Law researcher said company boards must be proactive in protecting data and becoming cyber resilient.

“Company directors have to be across so many risks and take responsibility for compliance with a large number of laws, but cyber and data security is one that is becoming increasingly important,” she said.

“When data breaches occur, boards are ultimately responsible for complying with the Privacy Act and the new mandatory notifiable data breaches scheme, but the impact of significant breaches is much wider.

“Boards have to deal with the reputational fallout and shareholders may feel it in their pockets.

“Each director has to consider what it is that they should do and know about cyber security and data protection.”

Dr Voogt is researching case law in Australia and the US to investigate the legal duties of non-executive directors at large listed companies.

“Non-executive directors play a critical role in large companies,” she said.

“They carry the ultimate responsibility, but are not involved in the day-to-day operations.”

Dr Voogt said there were lessons to be learnt from data breaches that have occurred elsewhere.

“In the US, significant data breaches have led to shareholders taking legal action against directors,” she said.

“In Australia, the risk of shareholders taking directors to court using company law may not be as great, but ASIC views cyber resilience as part of each director’s statutory duty of care and diligence.

“Company law doesn’t tell us what non-executive directors should know or do about risks such as cybercrime.”

Dr Thea’s research project aims to bring greater clarity to the duties and skills required within company boards. 

 “We need a refinement of the skills required by non-executive directors particularly in large companies, where more than 80 percent of the directors are appointed in non-executive positions.”

Media: Dr Thea Voogt,, +61 7 3346 7540, +61 437 271 359; Caroline Enright,, +61 7 3365 2596.