Working with the private sector

Prime Minister Malcolm Turnbull last week announced the government's cyber security strategy, which will focus on closer collaboration between government and business. It is the result of a year-long review of the industry. The strategy will see the Australian Cyber Security Centre moved away from the Australian Security Intelligence Organisation in Canberra to allow for greater ties with business. It said it is hoping to set up voluntary guidelines "co-designed with the private sector" to help organisations improve their cyber security resilience.

Cyber insurance boom

The government said cyber security health checks would "enable boards and senior management to better understand their cyber security status". Ty Miller, director of security firm Threat Intelligence, said health checks were becoming popular in the industry because of the growing number of insurance companies offering cyber security protection. "There's an increasing amount of cyber insurance being purchased, because there are so many more breaches happening these days," he said. "When you sign up to a cyber insurance policy, you have to have a certain level of security in the organisation, and you can check that through a health check."

Company boards partner with Data61

The scheme comes amid another deal between government and business over cyber security. Data61, the government's data agency, has signed a memorandum of understanding with lobby group Australian Institute of Company Directors to enhance the understanding of cyber security by company boards. The deal will see government agents come up with a cyber security 'curriculum' for corporations. "Australia is facing a major challenge as a result of digital disruption and our changing economy," Data61 chief executive Adrian Turner said.

"This MoU is a key example of how we're collaborating with business to address these challenges and use our science and tech knowledge to help Australia stay competitive and prosper in the future."

Regulation, not self-regulation

Industry experts said on Monday that large companies should have to shoulder the burden of data protection themselves. "If the ASX100 are not competent enough to govern their own cyber security issues, those boards are not doing their jobs," said Dr Robert Merkel, a lecturer in software engineering at Monash University. Mr Merkel said the government needed to focus on introducing laws that protected consumers against data breaches, rather than working with companies to set their own rules.

"We've had several decades of self-regulation when it comes to cyber security and in many cases it simply hasn't been sufficient to encourage business to do the right thing," he said. "Some businesses' cyber security practices are not up to scratch, and nothing in the cyber security strategy is likely to change that." Nick Abrahams, partner at law firm Norton Rose Fulbright, said it was the job of government to protect Australian companies and individuals from cyber security attacks. "Obviously there needs to be due diligence on the part of corporations, particularly those that are in control of our most significant pieces of infrastructure," he said. "[But] it's hard to make a hard and fast rule."

Mandatory reporting of breaches missing

A draft bill has been put before parliament that would force companies to report serious data breaches to regulators and affected individuals. The bill is not expected to be introduced before the election. The Attorney General's office declined to say when the bill would be introduced. Fairfax Media understands the government is revising the bill with the aim of reducing the regulatory impact on business. Banks have pushed back against the law, with a submission by the Australian Banking Association attacking various provisions in the proposed law as being convoluted.

The lobby group said it would dampen public confidence in the digital economy that the government wants to encourage. Mr Miller said Australia urgently needed mandatory breach reporting to bring it into line with the United States and Europe. "It really should have been in a long time before now. It's amazing that we didn't have a data breach notification bill years ago, yet alone now."

Calls for transparency

Gerard Brody, chief executive of the Consumer Action Law Centre, said if companies wanted to retain trust in the community, they needed to be transparent about when data breaches occur.

"Businesses can keep consumer confidence in the digital economy by investing in security and being open and honest with us," he said. "Being open and transparent about the security of our personal information is the only way to pressure for high standards and keep trust with consumers."

An earlier version of this story incorrectly stated the government would pay for the cyber security health checks.