IT Brief Australia - Technology news for CIOs & IT decision-makers

Exclusive: How Aus3C is strengthening data security through new framework initiative

Today

In a bid to address growing cyber threats, the Australian Cyber Collaboration Centre (Aus3C), in partnership with CSIRO and the Department of Home Affairs, is spearheading the development of the Voluntary Data Classification Framework (VDCF).

This initiative is part of Australia's National Cybersecurity Strategy, designed to help businesses safeguard their data and bolster the nation's cyber resilience.

"This framework is about helping businesses understand the value of their data and ensuring they manage it securely in the digital economy," explained Matt Salier, CEO of Aus3C. "We need to make cybersecurity accessible, especially for small and medium enterprises (SMEs) that face numerous challenges daily."

The VDCF will provide a standardised approach for Australian businesses to classify and protect sensitive data.

As Salier highlighted, it aims to "address key industry challenges and empower organisations to adopt robust data protection practices."

Why Data Classification Matters

The increasing frequency of cyberattacks in Australia—one reported every six minutes, according to recent figures—underscores the urgency of enhanced cybersecurity. The VDCF seeks to equip businesses with practical tools to identify and mitigate data risks.

"Businesses are often unsure about the data they collect, where they store it, or how it's used," Salier said.

"The framework will guide them in understanding these aspects and making informed decisions about data governance."

A particular focus of the initiative is on SMEs, the backbone of Australia's economy. Unlike large corporations with dedicated cybersecurity teams, SMEs often struggle to allocate resources to data protection.

"We need a framework that's tailored to their needs," Salier explained. "By drawing on global best practices and aligning them with Australia's unique context, we can create a tool that's both effective and practical for smaller organisations."

Collaboration at the Core

The VDCF's development has been a collaborative effort, involving Aus3C, CSIRO's Data61, and Home Affairs.

Together, these entities have engaged extensively with industry stakeholders to ensure the framework reflects real-world needs.

"This partnership exemplifies how government, industry, and research institutions can work together," Salier noted. "CSIRO brings deep expertise in linking strategy and policy with practical solutions, while Home Affairs ensures alignment with legislative goals."

Consultation has been key to this approach. Workshops and surveys conducted across the country have provided businesses with opportunities to share their challenges and insights.

"Feedback from industry is critical," Salier said. "These sessions allow us to hear directly from businesses about their data management practices and identify areas for improvement."

Empowering Australian Businesses

The workshops, scheduled in major cities throughout December, are open to all businesses and offer practical guidance on improving data governance. Salier emphasised their value, particularly for time-pressed SME operators.

"These sessions provide a focused opportunity to think critically about one of your most valuable assets—your data," he said. "In just a few hours, businesses can gain insights and tools to enhance their cybersecurity posture."

The workshops also serve as a platform for education. Facilitators, including cybersecurity experts, will share best practices and real-world examples to help participants implement effective data protection measures.

"This is about equipping organisations with the knowledge they need to navigate an increasingly digital world," Salier explained.

Building a Unified Framework

A key goal of the VDCF is to complement existing data security standards. While certain sectors, such as financial services, already have robust requirements, many industries lack consistent guidelines.

"This framework is designed to fill those gaps," Salier said.

"By incorporating elements from global standards like GDPR and adapting them for Australian SMEs, we can create a resource that's both comprehensive and accessible."

The framework will also focus on raising awareness about data classification—a critical yet often overlooked aspect of cybersecurity.

"Data is one of our most precious assets," Salier stressed. "By helping businesses recognise its value and adopt better practices, we can significantly enhance Australia's cyber resilience."

Shaping the Future of Cybersecurity

The VDCF is set to launch in late 2025, but its impact is already being felt through ongoing consultations and workshops.

Salier expressed optimism about the initiative's potential to drive meaningful change.

"This is about more than just compliance," he said. "It's about creating a culture where businesses value and protect their data as a vital resource."

As the workshops begin, Aus3C is calling on Australian businesses to participate and contribute to the framework's development. Salier stressed the importance of collective action in strengthening the nation's cybersecurity.

"We all have a role to play," he added. "By working together, we can build a safer and more secure digital future for Australia."