Source: Unsplash/Jefferson Santos. Australian enterprises and listed companies can benefit strongly from adopting New Zealand’s new privacy laws as a model for how to manage cyber risk. New Zealand’s laws bring information security ethics forward, significantly beyond just focusing on mandatory disclosure. Private sector organisations with an annual turnover of more than $3 million and Commonwealth public sector agencies in Australia are bound by the mandatory breach notification laws. ASX-listed companies also have other obligations to notify the ASX of anything that could materially affect share price. Cybersecurity breaches can have widespread implications not only affecting businesses, but also jeopardising essential service provision — as we saw recently when Eastern Health, the operator of four hospitals in Melbourne, was hit by a cyber attack forcing it to postpone elective surgeries.