Reasonable Steps in Cyber Security

If You Cannot Prove It, It Is Difficult to Defend

Taking reasonable cyber security steps is not just about what your business does. It is about what your business can show. Cleverer helps Australian businesses move from assumed compliance to visible, evidence-based compliance.

General information only. Not legal advice.

What “reasonable steps” should show

1. Training occurred: Staff, managers, and leaders were trained appropriately.
2. Responsibilities were clear: People understood what was expected of them.
3. Activity was tracked: Completion, reviews, and compliance actions were visible.
4. Evidence exists: The business can demonstrate what it did before an incident occurred.

The reality

Reasonable steps are judged by what you can show, not what you intended

Many businesses believe they are doing enough because they have IT systems, policies, or training in place. But if something goes wrong, the focus shifts. The question becomes: what can you demonstrate? Without clear records, accountability, and evidence, it becomes harder to support a reasonable steps position.

1. Training alone is not enough: Awareness helps, but it does not prove the business acted in a structured way.
2. Policies are not proof: Documents matter, but they do not show that people followed them.
3. Assumptions are risky: “We think staff completed training” is not a strong position.
4. Evidence must exist before the incident: Creating records after the fact weakens credibility.

1. Train people: Staff should understand cyber risk and their role in reducing it.
2. Define responsibilities: Employees, managers, and directors should know what is expected.
3. Track activity: Completion, reviews, and compliance actions should be visible.
4. Maintain evidence: The business should be able to show what it did before a problem occurred.

What strengthens your position

  • Training completion is recorded and current
  • Responsibilities are clearly defined
  • Managers review compliance activity
  • Evidence is maintained over time
  • The business can explain what it did before an incident

What weakens your position

  • No proof of training completion
  • Unclear responsibilities
  • No visible compliance tracking
  • Evidence created after the event
  • Reliance on assumptions

How Cleverer helps

Cleverer helps businesses move beyond assumed compliance by providing training, tracking, accountability, and evidence in one system. It helps make reasonable steps visible, structured, and easier to demonstrate.

If you cannot prove it, it is difficult to defend

Turn your cyber security activity into visible, evidence-based compliance.

FAQ

Common questions about reasonable steps

What are reasonable steps in cyber security?

Reasonable steps are practical actions a business takes to reduce cyber risk and protect information.

Do reasonable steps require training?

Yes. Staff training is often part of reasonable steps, but it must be tracked and supported by evidence.

How do you prove reasonable steps?

By showing training, accountability, governance, tracking, and evidence of ongoing compliance activity.

Is Cleverer a compliance platform?

Yes. Cleverer helps businesses train staff, track compliance, and maintain evidence of reasonable steps.

© 2026 Cleverer. Human-layer cyber compliance for Australian business.