At the opening of systems availability specialist Interactive's disaster recovery centre in North Sydney on Friday, Hockey said: "You are negligent as the director of a company if you do not take appropriate precautions to protect your information technology. You are negligent and there is no excuse."
Hockey also said that Australia has the perfect "cocktail of ingredients" for developing an industry around providing security and recovery-based services to global corporations.
"We have a stable political environment where the rule of law is enforceable, we have excellent individual skills, excellent training and excellent IT. If you have that cocktail of ingredients together you have the capacity to provide services in a very uncertain world that can represent the very foundations of major corporations -- not only in Asia but all around the world," said Hockey.
Commenting on the disaster readiness of Centrelink, the government agency responsible for benefit payments, the Minister described emergency plans as "adequate".
"One of the first questions I asked when I became minister was about protection, security and disaster recovery. So far I am happy that [Centrelink's] disaster recovery is adequate but you have to keep reviewing it," said Hockey
Sydney-based Interactive's managing director Christopher Ride stressed the importance of ensuring IT systems are protected.
"If IT doesn't work, you can't catch a plane, you can't make a bank transaction, you can't buy a litre of milk, you can't pump your car with petrol - it is critical. Sites like this protect those businesses that need to protect IT," said Ride.
Now back it up with effective strategies to help motivate organisations in improving their own security and DR capability. This could come in the form of tax relief and improved legalisation.
Simply put most organisations don’t invest in security and DR to the level that the government believes. It’s largely smoke and mirrors with a lot of feel good talk by everyone with little action.
Just take a look at our privacy and corporate governance laws – where’s the motivation for the investment? Risk management isn’t the complete answer either as many companies accept the risk as part of doing business with the attitude of ‘she’ll be right mate’. We need to help them understand that improved security is good for business; this is where the motivation will come from.