Cyber Security and the Law (LAWS90266)

Cyber security is becoming increasingly important with recent statistics suggesting that cybercrime cost around US$8.4 trillion globally in 2022 and is expected to grow to US$23.8 trillion by 2027.  

Addressing cyber security is an urgent and critical task for the government, the economy, and the protection of people’s rights. In response to the growing number and scale of cyber security incidents, there has been an increase in regulation imposed on both public and private sector entities and it is this regulation which is explored in this subject. 

While lawyers are essential in navigating and responding to this shifting and complex digital landscape, company executives and advisers working in cyber security also gain enormous benefit in understanding the risks and complexities in the way the law applies.  

This subject will examine the framework of laws regulating cyber security and the tensions that must be balanced in addressing cyber security risk, both for governments and private sector organisations. It will review the intersection of data security objectives and privacy rights and the ways these objectives are sometimes aligned and sometimes diametrically opposed. 

The subject will look at the several overseas jurisdictions to assess the patterns in international regulation of cyber security and consider possible future developments, both in Australia and around the globe. 

Indicative list of principal topics:

• Introduction to cyber security. What is cyber security? What are the threats? What are the specific cyber security risks?
• Overview of current international legislative frameworks for regulating cyber security.
• The Australian legislative framework for regulating cybersecurity.
• Cyber security as a corporate governance issue.
• Cyber security risk assessments and reporting.
• The legal issues raised by the occurrence of a cyber security incident
• Cyber security issues in the finance, health and telecommunications sectors
• The impact and requirements of Security of Critical Infrastructure Act 2018 (Cth)
• The privacy implication of data security breaches.
• Contractual allocation of cyber security risks.
• Cyber warfare.

The focus of the subject is on the cyber security obligations of owners of critical infrastructure and controllers of data, especially personal information covered by privacy laws. The subject does not directly cover public international law obligations of state parties, cyber security in the military context, or any criminal liability of those perpetrating cybercrimes.