The Australian Cyber Security Centre (ACSC) lacks a clear view of the cyber security incidents suffered by Australian businesses because they’re not sufficiently reported, the government body said today.

The ACSC’s 2016 Threat Report, released this morning, says the government “relies heavily” on the voluntary reporting of incidents by the private sector, but business’ “ability and willingness” to notify them was lacking.

ACSC and its cyber response arm CERT Australia “relies heavily on the voluntary self-reporting of cyber security incidents from a wide variety of sources throughout Australia and internationally and therefore does not have a complete view of incidents impacting Australian industry”, the report stated.

The ACSC was sympathetic to industry’s reticence around disclosing cyber security incidents, noting that businesses may fear reputational damage or legal and commercial liabilities. However, this fear is stymieing the development of defences and training against future attacks, it said.

“Increased reporting of cyber security incidents by the private sector would subsequently increase the ACSC’s knowledge of cyber adversaries who target Australian industry and critical infrastructure, and the methods they employ. This knowledge would further enable the development of cyber security advice and mitigation strategies,” the report stated.

In a drive for better collaboration between government and business, the ACSC is relocating from its current home within the Australian Security Intelligence Organisation's Ben Chifley building in Canberra to ‘a new more accessible location in Canberra that will make it easier for stakeholders to engage with’. The aim is for ‘government and the private sector to work more effectively together’ in resisting cyber threats.

The centre would also be co-designing regional hubs – Joint Cyber Security Centres – with the private sector to improve information sharing.

Speaking last month, Clive Lines, coordinator of the ACSC and deputy director of the Australian Signals Directorate, said that a combined approach between government, industry and academia was essential to a successful cyber stance.

“There is no other way of solving this problem. No one organisation can do it in isolation. It has to be a combined effort. We are beginning to put the flesh on the bones of the strategy from a government perspective.”

Voluntary to mandatory

The currently voluntary reporting of certain incidents may soon become mandatory for businesses. In August the government indicated it intends to push ahead with legislation to create a mandatory data breach notification scheme.

An exposure draft of the breach notification bill, made public in December, would oblige businesses to report a “serious data breach” to the Australian Information Commissioner and notify individuals whose data is affected by a breach.

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, a slight increase on previous years. In 2014, CERT responded to 11,073 incidents.

According to CERT Australia data, released in the report, the energy and communications sectors had the highest number of compromised systems, the banking and financial services and communications sectors had the highest incidence of DDoS activity, and the energy, mining and resources sectors had the highest number of malicious emails being received.