The recommendations are centred around five key areas, the IAP said in a statement:
Deterrence: The government has been urged to establish clear consequences for those targeting businesses and Australians.
Prevention: Should include initiatives to help businesses and Australians remain safer online.
Resilience: Government should strengthen incident response and victim support options already in place.
Investment: The Joint Cyber Security Centre program should include increased resources and the establishment of a national board in partnership with industry, states and territories with an integrated governance structure underpinned by a charter outlining scope and deliverables.
The panel was made up of Telstra chief executive Andrew Penn (chair), Vocus Group chair Robert Mansfield, Tesla board chair Robyn Denholm, Northrop Grumman Australia chief executive Chris Deeble, NBN Co chief security officer Darren Kane and former US Secretary of Homeland Security Kirstjen Nielsen.
Commenting on the recommendations, Kaspersky ANZ general manager Margrith Appleby said: "The industry advisory panel reports that cyber security has never been more important. Cyber security must be an ongoing effort and not something that you do once and then put aside.
"Writing an internal business case to justify investing in cyber security protection can be challenging especially if businesses fail to view it this way. However, staying one step ahead and appreciating the true risk they pose to a business, needs to be part of the very DNA of running your operation.’’
Commenting on the recommendations, Ian Yip, chief executive of early stage venture capitalist Avertro, said: "The release of any government-initiated cyber security initiative helps with public awareness, which is great. The Industry Advisory Panel Report reads like a management consulting firm's report in that it is filled with industry-standard guiding principles and 'should' statements which with very few experts would argue.
"I particularly applaud the statement that 'the most senior leaders in both private and public sector organisations should have ultimate accountability for cyber security risk'. Lacking at this stage, is the 'how', which I'm hopeful the actual strategy addresses.
"The real challenge moving forward, is that a successful 2020 Cyber Security Strategy hinges upon the government's ability to scale the walls of behavioural change, and the apathetic attitudes towards cyber security that have been systemically engraved into the wider ecosystem.
"If the measures of success are not aligned across all key participating organisations, we are likely to fall prey to the same obstacles that befell the 2016 iteration of the strategy and once again, will not meet the intended outcomes that the well-meaning panel no doubt hopes we can achieve together as an industry."
On prioritising effectiveness, Yip said: "While it would have been nice to see better industry and sector balance across the panel participants, the recommendations make sense and very few industry professionals would disagree with them.
"It will be critical that the authors ensure they optimise for precision instead of leaving statements open to interpretation. Incentives for all involved must also be aligned or the management overheads will require an unbalanced amount of focus, thus taking away from effective execution of actions leading to intended outcomes."
And on the role of innovation in cyber security strategies, he had this comment: "It is great to see that the government realises the need to refresh its Cyber Security Strategy and adapt to the ever-evolving cyber threat environment. While it is commendable that the recommendations include the need to help organisations and citizens that may not have the necessary resources to combat cyber threats and manage their risks appropriately, we must actively acknowledge that local Australian cyber security capabilities and innovation play a real part in helping solve the overarching problem.
"Take the fast-growing start-up ecosystem as an example. Enabled by the support of AustCyber and accelerators like CyRise, we now have real experts and companies that can make an impact on a global level. It would do the industry a real disservice to view cyber security start-ups through the over-used lens of only requiring funding and support, rather than looking for opportunities where we can contribute to the macro challenge that the Cyber Security Strategy is aiming to tackle."
Roger Carvosso, strategy director at the ASX-listed global cloud security outfit FirstWave Cloud Technology, said: "This report is very timely, and a wake-up call again to Australian businesses. As a global cyber security company, we have seen first-hand the exponential growth in cyber threats during this pandemic, especially targeting SMEs. We have to be proactive in our approach to cyber reliance, not reactive. This report shows strong commitment to this approach which we applaud."
"This report is a good framework to meet the greatest business threat of our time – cyber crime. Most small businesses that get financially compromised by cyber crime like phishing and ransomware attacks find it very hard to survive.
"And, with the financial stress they are under now from this pandemic, it would be a double blow. Getting your business 'perimeter' cyber secure is a quick way to stop more than 90% of cyber threats before they reach the business. And as the report states, getting your staff trained to meet this challenge is mandatory, and an effective way to stop those that already reside in your business.
"The biggest challenge now for many small- and medium-sized enterprise is getting rubber on the road as we are now in the midst of the worst cyber crime spree the world has seen.
"With the huge growth in staff now working from home in a less cyber secure environment, businesses are now more at risk. We have witnessed our partners and customers move most staff to remote working and indications are that many won't return back to the office for a long time, if ever. Equipping staff with both training and technology is key to keeping ahead of this threat tsunami."