...

The starting point for finding out what to do if you think you have been hacked.

When you have an Incident

The Australian Institute of Company Directors (AICD) has a good resource about governing through a cyber crisis.

SAAS Shared Responsibility Model

...

Now, most small businesses won’t need to know anything about it, but if you have a Web App of any kind, or even just a website where users log in, then this is when you need to start knowing about these risks. I’m including it here because you may have heard someone techy mentioning the name OWASP Top Ten or Cross-Site Scripting (XSS) or Injection Attacks. But this is where you will need a Trusted Advisor to help you out with this level of detail.

Legislation and Regulation

Not included in this list is anything to do with your regulated responsibilities such as:

...

Yes, these are very much full of FUD, but these are the ones that you actually do need to know about, if you are covered by a specific piece of legislation or regulation.

Table 1 in the AICD Cyber Security Governance Principles handbook lists much of the legislation that governs cybersecurity across Australia. Other resources go into much more detail than that.