Powered by MOMENTUM MEDIA

How new cyber laws will impact businesses

Technology
18 November 2024

Minister for Cyber Security Tony Burke recently proposed what would be the country’s first standalone cyber security legislation, but how will this affect Australian businesses?

As previously reported by sister brand Lawyers Weekly, Minister for Cyber Security Tony Burke has proposed to the lower house what would be the country’s first standalone cyber security legislation.

The proposed legislation will introduce mandatory reporting for those who pay a ransom to threat actors, minimum cyber security standards for smart devices, and the establishment of a Cyber Incident Review Board, all as part of seven sections of the 2023–2030 Australian Cyber Security Strategy.

The Commonwealth government has also released another package of proposed legislation to tackle cyber security issues, following on from recent privacy and AI reforms.


Sister brand HR Leader recently spoke to Dan Pearce, general counsel at Holding Redlich, about the potential impact the proposed legislation could have on Australian organisations.

Pearce first broke down what the legislation comprises.

“As part of the government’s new package to address cyber security, the proposed Cyber Incident Review Board’s role will be to review and assess major cyber incidents that impact Australia’s defence or cause serious public concern,” he said.

“It will have the authority to request information from affected entities, allowing it to examine how incidents were handled and provide findings that help prevent future occurrences.

“While the board may share its findings with government and industry, any public reporting will not assign fault or prejudice legal rights. Through these reviews, the board aims to improve understanding and prevent similar incidents in the future.”

According to Pearce, the legislation would result in an extension of the Security of Critical Infrastructure Act’s reach to data systems in critical infrastructure.

“Amendments to the Security of Critical Infrastructure Act 2018 (SOCI Act) will extend the legislation to cover data systems associated with a critical infrastructure asset. The digital networks supporting essential services, such as utilities, healthcare, and finance, are increasingly vulnerable targets in cyber warfare,” Pearce said.

“By expanding the act’s reach, the government will have greater regulatory authority over data systems associated with critical infrastructure warfare that, if compromised, could disrupt national security or public safety.

“Additionally, these changes grant regulators a new power to address significant weaknesses in an entity’s risk management program when national security is at risk. For organisations, this means new obligations to protect these systems and respond to regulatory requirements.”

The proposed legislation also includes mandatory 72-hour reporting for ransom payments, security standards for smart devices, and other facets organisations must be aware of.

The legislation puts more of an onus on businesses and organisations to report ransomware payments. Pearce said organisations must strengthen their cyber security measures to ensure that they are able to abide by such regulations.

“The proposed cyber security legislation package introduces new requirements for organisations, especially those managing data systems related to critical infrastructure,” he said.

“To prepare, organisations will need to review and strengthen their cyber security measures to ensure they meet these requirements, such as the new 72-hour deadline for reporting ransomware payments to the Australian Signals Directorate.

“This may involve assessing internal security measures, reviewing incident response plans, and preparing for increased regulatory requirements. By staying informed of these changes, organisations can better position themselves to comply with the legislation and manage potential cyber threats.”
