Cyber Security Bill 2024: Strengthening Australia’s Cyber Defences
18 October 2024
The Cyber Security Bill 2024 marks a critical step forward in safeguarding Australia’s economy from escalating cyber threats. The comprehensive legislation establishes a framework to protect individuals and businesses, while also equipping the government with the necessary tools to tackle emerging risks and improve policy and incident response strategies.
Key Provisions of the Bill:
Security Standards for Smart Devices (IoT): The Bill empowers the government to mandate security standards for internet-connected devices, enhancing the protection of user data and reducing vulnerabilities in smart technology.
Mandatory Ransomware Reporting: Businesses that pay a ransom following a cyberattack will be required to report it to the government. This critical measure addresses the widespread underreporting of ransomware incidents and strengthens the government’s ability to respond to, and mitigate, such attacks.
Limited Use of Incident Data: The Bill imposes strict limits on how cyber incident data provided to the National Cyber Security Coordinator can be shared with other government agencies, which will ensure greater privacy and trust.
Cyber Incident Review Board: An independent body will be established to conduct reviews of significant cyber incidents, providing recommendations aimed at improving cyber resilience across the nation.
This Bill is a direct response to Australia’s rapidly evolving cyber threat landscape, with the aim of bolstering national resilience against cybercrime. Feedback from consultations with government, industry, and consumers has supported the Bill’s mandatory measures, ensuring it meets both public interest requirements and practical business needs.
Mandatory Ransomware Payment Reporting: A Critical Step
Ransomware continues to be one of the most destructive cyber threats facing Australia today. A significant aspect of the Cyber Security Bill 2024 is the introduction of mandatory ransomware payment reporting. By requiring businesses to report ransom payments, the government will gain critical insights that will inform policy decisions, disrupt criminal operations, and better support businesses that are targeted by these attacks.
The 2023 McGrathNicol report, "Ransomware: A Cost of Doing Business," played a key role in shaping the Bill and was frequently referenced in the Explanatory Memorandum. The report highlighted the underreporting of ransomware incidents and the significant financial burden that these attacks continue to place on businesses. Through mandatory reporting, the Australian Government will be better positioned to break the ransomware business model and reduce its impacts on the economy.
What’s Next?
McGrathNicol is about to release its fourth annual Ransomware Survey, and early indicators show a growing problem affecting both private and public sector organisations across Australia. This soon-to-be-launched research will provide further insights into the ransomware landscape and help inform ongoing efforts to strengthen cyber resilience.
The Cyber Security Bill 2024 is a timely response to the increasing sophistication of cybercriminals, and it represents a significant leap towards a more secure future for all Australians.