AI Is Booming—But What Are the Risks?
We’re standing on the edge of the next major tech revolution, and it’s being driven by AI.
One of the standout speakers, Joe Sullivan, put it simply:
- Boom 1: Internet
- Boom 2: Mobile
- Boom 3: AI
Each of these booms has brought game-changing opportunities—and massive risks. The tricky part? We don’t fully know what the risks of AI will be yet, because many of them don’t exist yet.
Cybersecurity pioneer Mikko Hyppönen summed it up perfectly:
- “If data is the new oil, AI is the new refinery. And like any refinery, it’s prone to leaks.”
These "leaks"—whether they’re data breaches, manipulated algorithms, or vulnerabilities in AI systems—could cost companies millions if not handled properly.
Nina Schick took it a step further, reminding us that we’ve moved from the Information Age into the Intelligence Age. AI is everywhere, whether we realise it or not. Your employees are likely already using AI tools to streamline tasks and increase productivity. The question isn’t whether to use AI—it’s how to use it securely.
Australia’s Cyber Laws Are Changing—Fast
Australia’s cyber landscape is undergoing a major overhaul, and boards need to be aware of the legislative shifts that will impact their organisations. The 2023-2030 Australian Cyber Security Strategy provides a roadmap for these changes, broken into 6 Shields and 3 Horizons that outline the government’s long-term plan.
Here’s what’s already in place and what’s coming next.
Existing Frameworks
- Notifiable Data Breach (NDB) Scheme
  Requires breaches that could cause serious harm to be reported within 30 days. Despite being in place since 2018, it’s often ignored or misunderstood.
- Privacy Legislation Amendment Act 2022
  Recent amendments have strengthened the Office of the Australian Information Commissioner (OAIC)’s powers to enforce compliance and issue fines.
New and Upcoming Changes
- Privacy Act Reforms (Upcoming in 2024-2025)
  - The OAIC now has the authority to perform investigations, including searching premises and seizing evidence, like other regulators.
  - The OAIC can now issue fines without having to go to court.
  - Increased risk of litigation and class actions against companies for serious invasions of privacy.
  - Companies will need to implement both technical and organisational measures to meet the 'reasonable steps' standard under APP 11.
  - Organisations that make automated decisions using personal information will need to update their privacy policies.
  - Overseas and cross-border handling of personal information will carry corporate risk.
- Australia's Cyber Security Act 2024
  - Introduces mandatory reporting for ransomware payments (within 72 hours).
  - Sets new security standards for IoT devices.
  - Includes limited-use measures that protect businesses from legal repercussions when reporting cyber incidents.
Boards Must Lead the Way
Here’s the reality: cyber risk is business risk. Boards and executives must treat it with the same seriousness as financial, operational, or reputational risk.
If your organisation isn’t meeting its cybersecurity obligations, you could be exposing yourself to massive fines and legal action—not to mention the reputational damage that comes with a breach. The OAIC’s expanded powers, combined with the introduction of Australia's Cyber Security Act 2024, mean that penalties will only increase over time.
What Boards Should Be Doing
- Integrate Cyber Risk into Your Risk Management Program
  Cybersecurity is no longer just the responsibility of your IT department. Boards must oversee this risk and ensure that resources are allocated appropriately.
- Understand the "Reasonable Steps" Standard
  This varies depending on your company’s size, industry, and the sensitivity of the data you handle. However, the excuse of "not having the budget" doesn’t cut it for companies generating $100M+ in revenue.
- Focus on Compliance
  Ensure your team is up to date with obligations under the NDB Scheme, the Privacy Act 1988, and the Cyber Security Act 2024.
The Legal Enforcement Era is Coming
Right now, the government’s approach is focused on learning and collaboration. But the window for leniency will close. The introduction of mandatory reporting obligations and enhanced enforcement powers is a clear signal that penalties are on the horizon.
What This Means for Boards
- Failing to act now could result in hefty fines, class actions, regulatory scrutiny, and long-term reputational damage.
- Boards need to ensure that their organisations are not only compliant but also proactive in managing cyber risks.
The Time to Act is Now
Melbourne Cybersecurity Conference 2024 delivered a clear message: cybersecurity must be a top priority for every board and executive team. Whether it’s preparing for AI-driven risks, complying with evolving legislation, or addressing gaps in your incident response plan, the time to act is now.
At CyberOxide, we specialise in helping mid-sized companies navigate this complex landscape. From compliance audits to board-level strategy workshops, we’re here to ensure your organisation is ready for whatever comes next. Contact us today to get started.