Cyber Security Bill Passed: What It Means for Australian Businesses

Australia has taken a significant step in bolstering its defences against cyber threats with the passing of its first cyber security legislation. This landmark bill, part of the government’s 2023-2030 Australian Cyber Security Strategy, was approved by the Senate on November 25, 2024, and introduces several critical measures to address the growing menace of cybercrime.

 

Mandatory Ransomware Reporting

A pivotal feature of the new legislation is the requirement for businesses to report ransomware payments to the government. This aims to enhance transparency and equip agencies with vital information to combat cybercrime more effectively. Historically, the lack of communication between private entities and government agencies has hindered coordinated responses to cyber incidents.

 

Improved Incident Response

The law introduces a ‘limited use’ obligation for the National Cyber Security Coordinator and the Australian Signals Directorate (ASD) to share information obtained from victims during cyber incidents. This change addresses previous gaps where private sector responses excluded government agencies, limiting their ability to respond comprehensively.

 

Security Standards for Smart Devices

Recognizing the increasing prevalence of smart devices, the legislation also mandates minimum security standards for these technologies. This measure aims to mitigate vulnerabilities that could be exploited by hackers.

 

Minister’s Statement

Minister for Cyber Security Tony Burke hailed the bill as a “key pillar” in the government’s mission to protect Australians from evolving cyber threats. He emphasized that the legislation reflects the government’s commitment to creating a safer digital environment.

 

Legislative Background

The Cyber Security Bill forms part of a broader package that includes amendments to the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 and the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024. Many elements of this bill were initially proposed in 2021 amid a surge in ransomware attacks, with further discussions and consultations held over the last year.

The new amendment to the Intelligence Services Act is particularly noteworthy as it facilitates better information sharing with the ASD during cyber incidents, ensuring a unified response to threats.

 

What This Means for Businesses

With these laws now in effect, businesses must prioritize compliance by:

  • Reporting ransomware payments promptly.
  • Adhering to new smart device security standards.
  • Collaborating with government agencies during cyber incidents.

For businesses unsure how to navigate these changes, IP Partners is here to help. Our team of experts can assist in evaluating your security posture, implementing necessary standards, and ensuring your organization is prepared for this new regulatory landscape.

 

For more information or a quote call us on (08) 7200 6080.

To keep up to date with important business and technology news and information follow us on:

Instagram – Facebook – Twitter – LinkedIn

Adelaide Office
Melbourne Office
Sydney Office
Brisbane Office