A public lecture by Professor David Watts, Professor of Information Law and Policy, La Trobe University and 2019 Institute of Advanced Studies Visiting Fellow.
Not long ago we were shocked when we discovered that our personal information had been hacked, stolen and misused. Now it has become a commonplace, routine event, hardly worth much of a conversation around the office coffee machine.
The cost of cyber security breaches to the Australian economy is estimated by the Australian Criminal Intelligence Commission to be $1billion each year. But this estimate only covers direct costs. When both direct and indirect costs, including damage to individuals identity (identity theft) and reputation, the impact on the emotional and psychological well-being of those affected, loss of business and employment opportunities and the economic damage that accrues from the loss of intellectual property and other confidential information, the ACICs estimate rises to 1% of GDP. This is about $17billion annually. Australian expenditure on cyber security prevention and threat mitigation is estimated to reach about $4billion in the 2019 calendar year, producing a total cyber cost of around $21billion.
In comparison, the total cost of the National Disability Insurance Scheme is estimated to be about $23billion over the 2019/20 financial year. The cost of providing Medicare services across the 2018/19 financial year was about $24billion. The total Australian defence budget for 2019/20 sits at 1.93% of GDP almost $39billion.
It is difficult to imagine any sector of the Australian economy where the costs to the community are so high and where so much money has been spent on prevention and remediation, apparently without much effect. Why are we not safer? This lecture will explore the answers to this question.
Professor Watts will argue that the root causes of our cyber failures are attributable to a series of perverse incentives that undermine our ability and willingness to address cyber security issues. He will argue that accountability mechanisms do exist and are hiding in plain sight but have simply not been pursued through mechanisms such as public interest class actions. He will propose a recalibration of our policy responses to cyber security as a way to answer the question posed at the outset: why are we not safer?
Not long ago we were shocked when we discovered that our personal information had been hacked, stolen and misused. Now it has become a commonplace, routine event, hardly worth much of a conversation around the office coffee machine.
The cost of cyber security breaches to the Australian economy is estimated by the Australian Criminal Intelligence Commission to be $1billion each year. But this estimate only covers direct costs. When both direct and indirect costs, including damage to individuals identity (identity theft) and reputation, the impact on the emotional and psychological well-being of those affected, loss of business and employment opportunities and the economic damage that accrues from the loss of intellectual property and other confidential information, the ACICs estimate rises to 1% of GDP. This is about $17billion annually. Australian expenditure on cyber security prevention and threat mitigation is estimated to reach about $4billion in the 2019 calendar year, producing a total cyber cost of around $21billion.
In comparison, the total cost of the National Disability Insurance Scheme is estimated to be about $23billion over the 2019/20 financial year. The cost of providing Medicare services across the 2018/19 financial year was about $24billion. The total Australian defence budget for 2019/20 sits at 1.93% of GDP almost $39billion.
It is difficult to imagine any sector of the Australian economy where the costs to the community are so high and where so much money has been spent on prevention and remediation, apparently without much effect. Why are we not safer? This lecture will explore the answers to this question.
Professor Watts will argue that the root causes of our cyber failures are attributable to a series of perverse incentives that undermine our ability and willingness to address cyber security issues. He will argue that accountability mechanisms do exist and are hiding in plain sight but have simply not been pursued through mechanisms such as public interest class actions. He will propose a recalibration of our policy responses to cyber security as a way to answer the question posed at the outset: why are we not safer?