Australia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructure

Another topic that has been worrying the industry is the possibility of mandatory reporting following a ransomware payment, as well as a ban on ransomware payments altogether. In the strategy, the government says it wants to work with industry to co-design options for a mandatory no fault, no liability ransomware reporting obligation for businesses to report ransomware incidents and payments. In a radio interview, O’Neil said “The reason that we haven’t gone ahead with a ban is because I think everyone who I work with accepts that a ban at some stage is inevitable. The problem is that we just haven’t done the hard work to prepare the country to manage what a ransomware ban would do.”

AUCloud’s Maloney believes the mandatory no fault, no liability ransomware reporting will bring to the surface more opportunities for businesses to access support quickly.

And in order to secure identities, the government pledged to expand the Digital ID program to reduce the need for people to share sensitive personal information with government and businesses to access services online. Further details are yet to be provided.

Leading up to the cybersecurity strategy

There is no denying that the Optus data breach of September 2022 was the catalyst, pushing the current government to step up when it came to cybersecurity. After a brief moment of blaming the telco, the government’s attitude changed when less than a month later Medibank revealed what would become a much more serious breach, which resulted in extremely sensitive medical records of Australian residents being published on the dark web. 

In December 2022, O’Neil announced the development of the cybersecurity strategy, which then opened for consultation in late February 2023. More than 330 submissions were received and Home Affairs also held consultation events and stakeholder roundtables.  

In March, another major data breach was revealed with publicly listed Latitude Financial finding that data from 14 million people had been accessed. 

In May, the government announced how it was going to use $200 million — partially met from within the existing resources of the Department of Home Affairs and by redirecting funding — as part of the 2023-2024 budget to improve the country’s cyber resilience.
