According to a federal government estimate, cyber attacks on Australian businesses cost the Australian economy $29 billion each year. Malware attacks, which involve the installation of malicious software in systems, are said to pose the largest cyber threat. The Australian Signals Directorate predicts that cyber attacks will increase in the years to come, with the rise of remote working arrangements often weakening system security.
In response to the worsening situation, the federal government launched a cyber security reform program in 2020 – its “Cyber Security Strategy 2020”. As part of this program, it released a discussion paper in July this year titled “Strengthening Australia’s cyber security regulations and incentives”.
The discussion paper details that the federal government is proposing to introduce the following reforms in order to strengthen existing frameworks and fill regulatory gaps:
In addition, the federal opposition recently introduced its Ransomware Payments Bill 2021 to the Senate. If passed, Commonwealth entities, State and Territory agencies, corporations and partnerships that make a “ransomware payment” will be required to notify the Australian Cyber Security Centre in writing as soon as reasonably practicable. The Bill prescribes particular details that must be included in the notice and imposes a civil penalty for non-compliance.
Considerations for businesses
Businesses should implement the best practice measures recently outlined by ASIC in its current proceedings against an Australian financial service provider, which it claims breached its obligations by failing to implement adequate cyber security measures. ASIC outlined that the provider should have implemented, among others, the following measures as part of its risk management framework:
Further, in light of the reforms proposed by both the federal government and the opposition, businesses should confirm which regulatory regimes they are governed by and keep track of legislative changes that will affect them.
This article provides general comments only. It does not purport to be legal advice. Before acting on the basis of any material contained in this article, we recommend that you seek professional advice.
Jacqui Ballard, Lawyer in our Transactions Team
Direct Telephone: +61 8 8210 2284