Cyber Attacks: Why we blame the business and not the attackers

Rather than businesses being perceived as a ‘victim’ of cyber attacks, growing public perception is that they are ‘failures’ who did not have adequate cyber security measures in place.


While the cyber attacker maintains anonymity, a business’s good name and reputation is irreparably harmed as the public loses trust. This can then lead to a downturn in revenue and, in some circumstances, can cause a once successful business to completely fail.

In something of an Australian first, ASIC recently commenced proceedings against a company that was the victim of a cyber-attack. ASIC alleges, in particular, that the company failed to implement appropriate policies and systems to prevent cyber attacks.

This, as much as anything, demonstrates the increasing pressure on businesses to ensure that they are not bystanders when it comes to cyber-security.


From January 2021 to June 2021, 30% of all data breaches notified to the Office of the Australian Information Commissioner (OAIC) were attributable to human error.

It is vital that businesses have sufficient measures in place to mitigate employees inadvertently exposing an organisation to both an attack and the flow-on effects from a data breach.

Strategies might include:

  • Data Breach Response Plan: This is a planning tool that identifies and explains the procedure your organisation will follow when responding to a data breach.
  • Cyber Security Policy: This explains the procedures your organisation will follow when handling sensitive information and how to use the technology that keeps it secure. It outlines security measures, including password requirements and identifying spam/scam emails, and how employees can prepare for a cyber-attack.
  • Appointing a Privacy Officer: This will be a senior staff member that other employees can approach regarding any cyber security issues. The Privacy Officer should have a clear role description and list of responsibilities.
  • Updating all Policies: All company policies and procedures should be regularly reviewed and updated to ensure they account for cyber security protection measures, including the Employee Code of Conduct, Social Media Policy, Anti-Discrimination and Harassment Policy, etc.


On 7 May 2021, the NSW Government released a draft Privacy and Personal Information Protection Amendment Bill 2021. If this is passed, it will make NSW the first state to implement mandatory notification of data breaches.

The intention is to create new standards of accountability and transparency in organisations in relation to their protection of personal information. Whilst this would only apply to an APP entity (an agency or organisation which must comply with obligations under the Privacy Act 1988 (Cth)), such a move again places the onus on businesses to protect themselves from cyber attackers and completely ignores the accountability of anonymous cyber attackers.

Evidently, both public perception and political decision making appear to be moving to place all responsibility on businesses to have sufficient cyber security measures in place.

For these reasons, it is also imperative that businesses ensure all computers, phones and other electronic devices are protected with adequate security technology such as the Red Piranha Crystal Eye product.

If you wish to discuss any cyber security issues in relation to your business, please contact PBL Law Group.



Authored by

Raea Khan

Director Lawyer



Raea is Managing Director and Principal Lawyer for PBL Law Group. Raea assists clients with major projects, property developments, construction and strata law.

He has worked in Western Australia and Queensland assisting with expansion projects in the energy and resource sector and now predominately advises clients in Strata and Community Association matters.

He is a member of the Australian College of Strata Lawyers, where the majority of his work is advising developers and owners corporations with dispute-related minor and major defects, strata governance and common property litigation. He is proficient at leading negotiations and meetings.

Raea has a particular interest in the commercial aspect of any dispute and always tries to weigh up the risk, reward and benefit of legal proceedings at each different stage.

Raea enjoys all forms of competitive sport, including Crossfit and actively participates in Triathlons, representing Australia as an age group athlete. He was a member of Red Head Surf Lifesaving club.

  • Strata Law
  • Construction & Major Projects
  • Commercial and Business Law
  • Planning & Environment Law