
Australia’s first standalone Cyber Security Act to make ransom payment reporting mandatory

Australia is set to enable mandatory reporting of ransom payments and new standards for smart devices with new legislation that will allow the government to “keep pace with emerging threats”.

Daniel Croft
Wed, 09 Oct 2024

Australian Cyber Security Minister Tony Burke is today (Wednesday, 9 October 2024) set to propose new legislation to the lower house that would result in the country’s first standalone Cyber Security Act.

The new legislation will introduce mandatory reporting for those who paid threat actors ransom, minimum cyber security standards for smart devices and the establishment of a Cyber Incident Review Board, all as part of seven sections of the 2023–2030 Australian Cyber Security Strategy.

“The creation of a Cyber Security Act is a long-overdue step for our country and reflects the government’s deep concern and focus on these threats,” Burke told the media.


“This legislation ensures we keep pace with emerging threats, positioning individuals and businesses better to respond to, and bounce back from cyber security threats.

“To achieve Australia’s vision of being a world leader in cyber security by 2030, we need the unified effort of government, industry and the community.”

A key factor of the new legislation is the introduction of “limited-use” or “safe harbour” legislation, which will encourage organisations to come forward after a cyber attack and share details with government agencies. It does so by limiting the agencies’ use of the shared information to assisting the organisation and developing strategies to mitigate cyber attacks in the future.

The government will not be able to immediately use the shared information for regulatory action against the organisation.

Additionally, the Cyber Security Act would introduce a new government power that will force critical infrastructure operators to deal with major flaws in their risk management programs. These include organisations in the defence industry, financial markets, transport, utilities such as power and water, groceries, and communication.

The power could see companies forced to hand over information to the government or see the minister direct the actions of critical infrastructure providers when dealing with a major cyber incident.

Furthermore, the regulation of telecommunications security will be shifted under the Security of Critical Infrastructure (SOCI) Act.

In the 2022–2023 year alone, the Australian Signals Directorate (ASD) said it responded to 143 incidents “by entities who self-identified as critical infrastructure”, a dramatic increase from the 95 reported the previous year.

Additionally, the Australian Cyber Security Centre (ACSC) said that over the same period, Australia suffered 94,000 reports of cyber attacks, equating to one every six minutes.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
