While most experts seem to think the companies have done the right thing by rejecting ransom demands, it should not have come to this.

While the companies are victims, they must also bear a share of the blame.

It seems likely that Medibank and Optus and many other companies have not invested enough in cyber security technology.

They have now discovered that this was a false economy. Medibank’s share price has fallen 20 per cent since the attacks as investors appreciate the damage to its brand.

Business risks like these should be incentive enough for far-sighted business leaders to invest more but government action is also necessary to enforce basic standards.

O’Neill said on Thursday Australia is five years behind in its approach to cybersecurity and promised a reform package that is expected to include much tougher fines for companies. The current maximum fine of about $2 million is completely inadequate.

The rules should also give stronger guidelines on what personal data companies can collect and retain. Hackers cannot steal information that companies do not have.

It may be necessary to require companies to encrypt more sensitive information.

The reforms are long overdue and O’Neill should bring them to parliament urgently. The opposition, which was asleep at the wheel when it was in government, should take a constructive attitude.

One small way companies and individuals can help is by refusing to amplify any leaks of personal information. Companies and individuals will only be helping the hackers if they make a big deal out of it or even use it as a reason to victimise the victims of the leaks.

After the hijacking of planes on 9/11, businesses around the world had to spend tens of billions upgrading airport security.

The hacks of the past month, although not comparable in the pain caused, point to the need for a similar sea change in cyber security.

Bevan Shields sends an exclusive newsletter to subscribers each week. Sign up to receive his Note from the Editor.