In a significant move to combat rising cyber threats, the Albanese government has introduced Australia’s first standalone cyber security legislation to parliament. The proposed Act aims to fortify the nation’s digital defences amid an alarming surge in cyber incidents, which have increased by 23% in the past financial year, equating to one attack every six minutes.
The legislation introduces several key provisions:
- Mandatory Ransomware Reporting: Victims who pay ransoms must report these payments to authorities, enabling better tracking of cyber-criminal activities.
- Enhanced Data Protection: Organisations handling critical infrastructure must strengthen their data security programs.
- Smart Device Standards: New minimum cybersecurity requirements for smart devices, ensuring secure default settings and regular updates.
- Improved Incident Investigation: The Cyber Incident Review Board will conduct “no-fault” investigations after significant attacks, sharing anonymised insights to enhance overall security practices.
While the legislation promises enhanced national security, it also presents challenges. Businesses, particularly smaller ones, may face increased compliance burdens and costs. Despite safeguards on information usage, some organisations might remain hesitant to share confidential data due to reputational concerns.
This legislative push follows high-profile incidents like the 2022 Optus data breach, which compromised over 11 million Australians’ personal information. The government’s ambitious goal is to establish Australia as a global cybersecurity leader by 2030. This new legislation represents a crucial step toward achieving this objective, acknowledging that robust cyber security is fundamental to national security, economic prosperity, and social well-being.