https://www.abc.net.au/news/2024-07-30/cyber-ransom-payments-new-laws-before-parliament/104113038
Australia is set to introduce a new law requiring businesses to report ransom payments to the government. This mandatory disclosure aims to improve national cybersecurity by providing law enforcement with greater visibility into ransomware threats and incentivising businesses to strengthen their defences.
The upcoming Cyber Security Act, expected to be debated in parliament soon, will compel businesses exceeding $3 million AUD in annual revenue to report ransom payments. This mirrors similar legislation in the US, but with a broader scope encompassing all businesses, not just critical infrastructure.
The decision follows a string of major cyberattacks on Australian companies, including the Optus and Medibank data breaches, and a cyber disruption that crippled several ports. Ransomware alone costs Australian organisations $3 billion annually.
While this law offers potential benefits, there are concerns. Reporting could create compliance burdens for smaller businesses, and the $15,000 fine for non-compliance may be seen as insufficient. Additionally, some worry it may discourage companies from reporting attacks altogether.
Despite these concerns, the Australian government believes the benefits outweigh the drawbacks. Increased transparency will aid law enforcement in tracking cybercriminals and developing mitigation strategies. Additionally, mandatory disclosure could incentivise businesses to invest more in cybersecurity to avoid the financial and reputational damage of a ransomware attack.
The success of this legislation will depend on its implementation and the resources allocated to support businesses in complying with the new regulations.https://www.abc.net.au/news/2024-07-30/cyber-ransom-payments-new-laws-before-parliament/104113038
Australia is set to introduce a new law requiring businesses to report ransom payments to the government. This mandatory disclosure aims to improve national cybersecurity by providing law enforcement with greater visibility into ransomware threats and incentivising businesses to strengthen their defences.
The upcoming Cyber Security Act, expected to be debated in parliament soon, will compel businesses exceeding $3 million AUD in annual revenue to report ransom payments. This mirrors similar legislation in the US, but with a broader scope encompassing all businesses, not just critical infrastructure.
The decision follows a string of major cyberattacks on Australian companies, including the Optus and Medibank data breaches, and a cyber disruption that crippled several ports. Ransomware alone costs Australian organisations $3 billion annually.
While this law offers potential benefits, there are concerns. Reporting could create compliance burdens for smaller businesses, and the $15,000 fine for non-compliance may be seen as insufficient. Additionally, some worry it may discourage companies from reporting attacks altogether.
Despite these concerns, the Australian government believes the benefits outweigh the drawbacks. Increased transparency will aid law enforcement in tracking cybercriminals and developing mitigation strategies. Additionally, mandatory disclosure could incentivise businesses to invest more in cybersecurity to avoid the financial and reputational damage of a ransomware attack.
The success of this legislation will depend on its implementation and the resources allocated to support businesses in complying with the new regulations.