Shining a light on cyber security

The Menzies Foundation will relaunch its Sir Ninian Stephen Menzies Law Scholarship later in 2018 with a focus on a pressing global legal issue: cyber
security. Here, University of Melbourne law student and Menzies Philanthropy Intern, Charlie Summons, outlines the pressing need for a considered focus
on protecting our data.

“There are two types of companies: those that have been hacked and those that will be.”

This quote from former FBI Director, Robert Mueller, should make the average Australian citizen rather uneasy. Think about how many transactions nowadays
occur online and how much of our personal and business data is stored ‘in the cloud’.

Data is just like any other valuable asset in that it needs to be protected from malicious interference. The rise of cloud-based data storage and internet
connectivity embedded into more and more everyday objects (Internet of Things) has expanded the vectors of attack for hackers.

The massive amount of data now stored online as a result of markets transitioning to the digital sphere means the consequences are significantly greater
than they were a decade ago. In 2017, the data of 57 million users of the ride-sharing app Uber was stolen. They were paid US$132,000 to delete the
data they had stolen.

Australia, then, is faced with the challenge of future-proofing itself to remain a safe and stable country in which to do business online and also to protect
the privacy of its citizens.

The Government has funded programs (such as the Australia Cyber Security Growth Network) to work towards increasing Australia’s competency in cyber security
and to stimulate the private sector adopting safer practices.

Embedded in the overall challenge of cyber security are fundamental regulatory and policy problems. Should private companies be allowed to “hack back”
or should they only be allowed to keep hackers out? Some US-based firms have asked their cyber security contractors to construct “honey pots” which
lure hackers in with harmless data to steal to be able to track them as they leave the firm’s network and hit back. Such conduct still contravenes
statutes outlawing foreign interference of another’s computer but some companies have become fed up with only being able to play a defensive role.

It is true that companies are extraordinarily susceptible to the consequences of a data breach. Not only is their trustworthiness on the line but, despite
being the ‘victim’ of the online attack, they are publicly viewed as the incompetent actor who caused the incident.

Beyond the immediate consequences of breaches, also, a lack of cyber security has extensive ramifications for the insurance industry. At the 2018 Berkshire
Hathaway annual meeting, Warren Buffett expressed concern over the future implications of cyber security: “Cyber is uncharted territory. It’s going
to get worse, not better.” Insurance companies lack cyber security underwriting experience. This, coupled with the increase in material risk in the
last decade, exposes insurers to losses that would not normally be realised under policies that have existed for a long time.

In light of these significant challenges, the Sir Ninian Stephen Menzies Law Scholar will make an important contribution to Australia’s response to cyber
security threats.

The Sir Ninian Stephen Menzies Law Scholarship will open for applicants late in 2018.