Australia's new Cyber Security Bill: what's in it?

The Australian government has an ambitious goal to become a world leader in cyber security by 2030. The Albanese government recently proposed long-awaited legislation aimed at strengthening the nation's cybersecurity defences.

The 2024 Cyber Security Bill — What’s in it?

This legislation is the first standalone Cyber Security Act. It introduces new obligations and minimum cyber security standards that could substantially impact business operations. The Bill is part of a package of reforms that also includes amendments to the Intelligence Services Act 2001, and the Security of Critical Infrastructure Act 2018.

Here’s what the proposed laws include:

Mandatory Ransomware Reporting

One of the bill's central features is the requirement for businesses with an annual turnover of more than $3 million (and government entities) to report ransomware payments within 72 hours.

Experts believe that ransomware is severely underreported in Australia, because companies are concerned about reputational damage. The new laws aim to enhance detection and response capabilities for ransomware incidents, potentially mitigating their overall impact.

The Cyber Bill includes provisions to ensure that any information provided about cyber security incidents is used or disclosed only for permitted purposes, with strict limitations on using this information for civil or regulatory actions against the reporting entity.

Failing to report cases, however, may result in civil penalties, including proposed fines of up to $15,000.

Security Standards for Smart Devices

Internet-connected devices (think smart fridges, TVs and robot vacuums) are all around us. But many of these ‘smart devices’ collect vast amounts of data, and some of them can be easily hacked.

This bill introduces mandatory security standards for manufacturers and suppliers of smart devices. Non-compliance can lead to various enforcement actions, including compliance notices, stop notices, and recall notices on IoT (Internet of Things) products coming into Australia.

Cyber Incident Review Board

The proposed Cyber Incident Review Board (CIRB) will be an independent body aimed at enhancing Australia's cybersecurity landscape. It will conduct thorough reviews of significant cyber incidents and provide valuable insights to both government and industry.

The CIRB's primary responsibilities include conducting independent reviews of major cyber security incidents, identifying root causes of these incidents, making recommendations to improve cyber resilience, and reporting publicly on its findings.

What’s next?

As this legislation progresses through parliament, businesses should prepare to adapt their cybersecurity practices accordingly.

This bill represents a significant shift in Australia's cybersecurity landscape, reflecting the public's growing awareness of the frequency and severity of cyber security breaches.

At ShadowSafe, we’ll continue to work with our clients to help them stay ahead of changes, meet compliance, and most importantly: operate safely and securely online.
