News

Cyber security: the new challenge for company directors

1 June 2018
Decorative

ASX data shows that 80 percent of companies expect an increase in cyber risk over the next year, but  who is responsible when cybercrimes occur?

This is a question that The University of Queensland’s Dr Thea Voogt is working to answer.

The TC Beirne School of Law researcher said company boards must be proactive in protecting data and becoming cyber resilient.

“Company directors have to be across so many risks and take responsibility for compliance with a large number of laws, but cyber and data security is one that is becoming increasingly important,” Dr Voogt said.

“When data breaches occur, boards are ultimately responsible for complying with the Privacy Act and the new mandatory notifiable data breaches scheme, but the impact of significant breaches is much wider.

“Boards have to deal with the reputational fallout and shareholders may feel it in their pockets.

“Each director has to consider what it is that they should do and know about cyber security and data protection.”

Dr Voogt is researching case law in Australia and the US to investigate the legal duties of non-executive directors at large listed companies.

“Non-executive directors play a critical role in large companies,” she said.

“They carry the ultimate responsibility, but are not involved in the day-to-day operations.”

Dr Voogt said there were lessons to be learnt from data breaches that have occurred elsewhere.

“In the US, significant data breaches have led to shareholders taking legal action against directors,” she said.

“In Australia, the risk of shareholders taking directors to court using company law may not be as great, but ASIC views cyber resilience as part of each director's statutory duty of care and diligence. 

“Company law doesn’t tell us what non-executive directors should know or do about risks such as cybercrime.”

Dr Voogt’s research project aims to bring greater clarity to the duties and skills required within company boards. 

 “We need a refinement of the skills required by non-executive directors particularly in large companies, where more than 80 per cent of the directors are appointed in non-executive positions.”

Media: Dr Thea Voogt, t.voogt@law.uq.edu.au, +61 7 3346 7540, +61 437 271 359; Caroline Enright, media@law.uq.edu.au, +61 7 3365 2596.

Topics

Law and society

Related articles

A phone and small earphones placed on top of a laptop keyboard. The phone displaying a folder filled with social media apps on the screen

Social media ban: UQ experts

From 10 December 2025, Australians under 16 will be banned from having individual profiles on social media platforms. UQ has a range of experts who can comment on this topic.
8 December 2025
people sit on a bench at a bus stop

Commuters see fewer familiar faces post pandemic

Seeing people we recognise on the train or at the bus stop can enhance feelings of safety and comfort but a UQ study shows fewer people are regularly crossing paths on Brisbane public transport now than before the COVID-19 pandemic.
8 December 2025

Media contact

UQ Communications
communications@uq.edu.au
+61 429 056 139

Subscribe to UQ News

Get the latest from our newsroom.